CircleCI says hackers stole encryption keys and customers’ secrets

Valence Threat Labs
January 23, 2023

CircleCI, a vendor of CI/CD and DevOps tooling, has confirmed that some customer data was stolen in a breach last month. The investigation was triggered by a compromised GitHub OAuth token, an attack vector that attackers have leveraged frequently in the past few months, as in many other breaches of developer-focused SaaS applications that the Valence Security Threat Labs team has discussed. According to CircleCI's investigation, the attackers stole a valid session token belonging to a CircleCI engineer, which allowed them to bypass two-factor authentication and gain unauthorized access to production systems. From there, the attacker was able to steal customer variables, tokens, and keys.
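The session-token theft described above leaves a trace in access logs: a session that completed MFA from one client is later used from another. The following detection is an added example, not CircleCI's or Valence's code; the log format, field names and sample lines are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample access log (not real CircleCI data):
# timestamp, session id, source IP, user agent, action
SAMPLE_LOG = """\
2022-12-16T09:00:00Z sess-4f2a 203.0.113.10 Chrome/108 login_mfa_ok
2022-12-16T09:05:00Z sess-4f2a 203.0.113.10 Chrome/108 view_pipeline
2022-12-16T09:07:00Z sess-4f2a 203.0.113.10 Chrome/108 view_pipeline
2022-12-16T14:32:00Z sess-4f2a 198.51.100.7 curl/7.85 list_contexts
2022-12-16T14:33:00Z sess-4f2a 198.51.100.7 curl/7.85 read_env_vars
2022-12-16T09:10:00Z sess-91bb 192.0.2.44 Firefox/107 login_mfa_ok
2022-12-16T09:20:00Z sess-91bb 192.0.2.44 Firefox/107 view_pipeline
"""

def parse_log(text):
    """Parse the constructed whitespace-separated log format into event dicts."""
    events = []
    for line in text.splitlines():
        ts, sid, ip, ua, action = line.split()
        events.append({"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                       "session": sid, "ip": ip, "ua": ua, "action": action})
    return events

def detect_session_hijack(events):
    """Return {session_id: [alert, ...]} for sessions used from a client
    fingerprint (source IP + user agent) different from the one that passed
    MFA. A replayed stolen session token shows up this way without any MFA."""
    by_session = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_session[e["session"]].append(e)
    alerts = {}
    for sid, evs in by_session.items():
        origin = next((e for e in evs if e["action"] == "login_mfa_ok"), None)
        if origin is None:
            # A session id with no recorded MFA login is itself suspicious.
            alerts[sid] = ["no MFA login recorded for this session id"]
            continue
        for e in evs:
            if (e["ip"], e["ua"]) != (origin["ip"], origin["ua"]):
                alerts.setdefault(sid, []).append(
                    f"{e['ts'].isoformat()} {e['action']} from {e['ip']} "
                    f"({e['ua']}); MFA login was from {origin['ip']} ({origin['ua']})")
    return alerts

if __name__ == "__main__":
    for sid, msgs in detect_session_hijack(parse_log(SAMPLE_LOG)).items():
        print(sid, msgs)
```

Source IP alone is a noisy signal for mobile and VPN users, so in practice the fingerprint and the set of sensitive actions should be tuned to the environment.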

In its blog post, CircleCI recommends that customers rotate their secrets, including OAuth tokens, project API tokens, SSH keys, and more.

Properly managing SaaS security risks such as ungoverned SaaS-to-SaaS third-party integrations (OAuth grants, API tokens, and the like) is key to protecting critical organizational data. A SaaS security solution like Valence can help by continuously monitoring for SaaS misconfigurations and misuse, and by right-sizing the privileges of both human and non-human identities.

Read the full TechCrunch article: CircleCI says hackers stole encryption keys and customers’ secrets