CircleCI revealed in a late Friday update that a breach of their IT systems last December was done through the compromise of an employee’s laptop and credentials, both of which were used to steal valuable internal and customer data. The company is now working with multiple third-party providers to rotate secrets, tokens and is aware of “less than five” customers who have reported unauthorized access to their third-party applications following the hack.

Source: Compromise of employee device, credentials led to CircleCI breach