Fear mounts as LastPass, Slack and CircleCI are breached

Share post:

Threat actors have breached LastPass, Slack, and CircleCI, raising concerns across the board.

All parties involved have refused to reveal the true state of affairs or how the attacks were carried out. Some even postponed the announcement in order to keep the public safe and minimize the attack.

LastPass’ encrypted password vaults, which store its customers’ passwords and other secrets, were stolen by cybercriminals last December.

In a blog post, Slack stated that an outside threat actor stole a limited number of employee tokens and used them to gain access to the company’s externally hosted GitHub repository. On December 27, the threat actor also downloaded private code repositories, according to the investigation. None of the repositories contained customer data, access to that data, or the primary code base of the company.

CircleCI, for its part, stated that attackers breached its platform for two weeks during the recent Christmas and New Year’s holidays. Customers were then advised to “rotate any secrets stored in CircleCI” while the company investigated an apparent intrusion and data breach.

The fear is growing because the organizations that are supposed to keep our secrets safe are being breached and are not being honest with them. While CircleCI remains tight-lipped about what happened, Slack’s advisory is similarly evasive.

The sources for this piece include an article in ArsTechnica.

SUBSCRIBE NOW

Related articles

Hamilton Estimates $52 Million to Rebuild IT Systems After Ransomware Attack

The city of Hamilton plans to spend $52 million over the next three years to rebuild and secure...

Avery Data Breach: Credit Card Skimmer Affects Over 61,000 Customers

Label maker Avery has disclosed a data breach affecting 61,193 customers, caused by a credit card skimmer that...

Scammed Company Ordered to Pay $190k for Fraudulent Invoice Payment

A hacker gained access to Mobius Group’s email system and sent instructions from a legitimate email address, directing...

Sneaky 2FA: A Sophisticated Attack Defeats Both 2FA and Phishing Protections

A new phishing kit, ominously named "Sneaky 2FA," has emerged, targeting Microsoft 365 users by bypassing two-factor authentication...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways