CircleCI says hackers stole encryption keys and customers source code

News Summary

  • Zuber said the intruders had access from December 16 through January 4.Zuber said that while customer data was encrypted, the cybercriminals also obtained the encryption keys able to decrypt customer data.
  • LastPass said the intruders had initially compromised an employee’s device and account access, allowing them to break into LastPass’ internal developer environment.Updated headline to better reflect the customer data that was taken.
  • But a stolen session token allows an intruder to gain the same access as the account holder without needing their password or two-factor code.
CircleCi, a software company whose products are popular with developers and software engineers, confirmed that some customers data was stolen in a data breach last month.The company said in a deta [+2952 chars]