*In this incident, the unauthorized actor exfiltrated customer information on De... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		tpmx on Jan 15, 2023 \| parent \| context \| favorite \| on: CircleCI says hackers stole encryption keys and cu... In this incident, the unauthorized actor exfiltrated customer information on December 22, 2022, which included environment variables, keys, and tokens for third-party systems. A lot of production AWS/GCP keys are likely stolen for those that deploy from CI/CD.

fexecve on Jan 19, 2023 [–]

Most people will just update their keys, so I doubt anyone is going to burn botnet cycles on trying to use the keys.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact