CircleCI has confirmed that a data breach that impacted the integration and delivery platform was the result of an infostealer deployed to an employee’s laptop. The breach occurred on January 4, 2023, and the company identified the incident after detecting the presence of an unauthorized third party. The information stealer was used to steal a valid, 2FA-backed single sign-on session.

The malware was not detected by the CircleCI antivirus program, the company’s Chief Technology Officer reported. A subsequent investigation into the incident found that the malware allowed the attacker to steal a session cookie and later impersonate the targeted employee. The attacker was potentially able to steal data from CircleCI’s databases and stores; however, it is unclear if this actually occurred. All of the data would have been encrypted, the company states. In the wake of the attack, CircleCI has added detection and blocking through the company’s MDM and A/V solutions as well as additional security measures.

Read More: CircleCI Confirms Data Breach Was Caused By Infostealer on Employee Laptop