Compromise of employee device, credentials led to CircleCI breach

CircleCI revealed in a late Friday update that a breach of their IT systems last December was done through the compromise of an employee's laptop and credentials, both of which were used to steal valuable internal and customer data. The company is now working with multiple third-party providers to rotate secrets, tokens and is aware of "less than five" customers who have reported unauthorized access to their third-party applications following the hack.

access applications aware breach circleci circleci breach compromise credentials customer customer data customers data data security december device employee internal laptop led party secrets steal systems the company third third-party tokens unauthorized access update working