Fear mounts as LastPass, Slack and CircleCI are breached

Threat actors have breached LastPass, Slack, and CircleCI, raising concerns across the board.

All parties involved have refused to reveal the true state of affairs or how the attacks were carried out. Some even postponed the announcement in order to keep the public safe and minimize the attack.

LastPass’ encrypted password vaults, which store its customers’ passwords and other secrets, were stolen by cybercriminals last December.

In a blog post, Slack stated that an outside threat actor stole a limited number of employee tokens and used them to gain access to the company’s externally hosted GitHub repository. On December 27, the threat actor also downloaded private code repositories, according to the investigation. None of the repositories contained customer data, access to that data, or the primary code base of the company.

CircleCI, for its part, stated that attackers breached its platform for two weeks during the recent Christmas and New Year’s holidays. Customers were then advised to “rotate any secrets stored in CircleCI” while the company investigated an apparent intrusion and data breach.

The fear is growing because the organizations that are supposed to keep our secrets safe are being breached and are not being honest with them. While CircleCI remains tight-lipped about what happened, Slack’s advisory is similarly evasive.

The sources for this piece include an article in ArsTechnica.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web