First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen)

by Dan Goodin, from Ars Technica

In the past 24 hours, the world has learned of serious breaches hitting chat service Slack and software testing and delivery company CircleCI, though given the companies' opaque wording ("security issue" and "security incident," respectively), you'd be forgiven for thinking these events were minor.

The compromises (in Slack's case, the theft of employee token credentials, and for CircleCI, the possible exposure of all customer secrets it stores) come two weeks after password manager LastPass disclosed its own security failure: the theft of customers' password vaults containing sensitive data in both encrypted and clear text form. It's not clear if all three breaches are related, but that's certainly a possibility.

The most concerning of the two new breaches is the one hitting CircleCI. On Wednesday evening, the company reported a "security incident" that prompted it to advise customers to "rotate all secrets" they store on the service. The alert also informed customers that it had invalidated their Project API tokens, an event requiring them to go through the hassle of replacing them.
