Third Party Risk: CircleCI Breach

CircleCI is a commercial continuous integration and delivery platform used in DevOps processes for software build and deployment.

In a recent disclosure by the company, it was found that a latent malware infection on a CircleCI engineer’s laptop was leveraged to steal a valid, 2FA-backed single sign-on (SSO) session. This allowed the attacker to impersonate the employee from a remote location and access a subset of production systems, databases and stores, resulting in the access and exfiltration of data, including customer environment variables, tokens and keys.

Kaseya does NOT use CircleCI in the development of IT Complete modules and is unaffected by this breach. We advise that MSPs reach out to their critical technology providers and ensure that those providers who are affected are following the appropriate mitigation steps to rotate their secrets, including OAuth tokens, Project API Tokens, SSH keys and more.

Read more here: https://circleci.com/blog/jan-4-2023-incident-report/

-Kaseya Third Party Risk Management Team