Yesterday, CircleCI, a Continuous Integration/Continuous Delivery (CI/CD) service, notified the world it had been breached via a critical advisory from its CTO. As a major software delivery pipeline service, CircleCI users store myriad credentials for various services in CircleCI’s “Secrets Store” infrastructure.

It’s rare that a week goes by without at least one data breach making the news. Criminals are targeting companies of all sizes to see if they can slip past their digital defenses and steal confidential data.

Read also: ByteDance caught using TikTok to spy on reporters, BitKeep users lost $8 million in assets in a hack, and more.

Last August, the maintainers of the LastPass cloud-based password manager tool reported a security breach in their servers. The disclosure maintained that an unauthorized party gained access to the LastPass development environment through a single compromised developer account. However – while source code and technical information was stolen, no user data was compromised and no services were interrupted. This specific statement about user data was reiterated many times.

There are currently over 24 billion exposed credentials circulating the dark web, according to a 2022 report by Photon Research Team. In fact, the markets selling compromised credentials are even offering cybercriminals subscription services for purchasing these usernames and passwords. No wonder there has been a 65% increase in exposed credentials on the dark web since the last time this report was conducted in 2020.

On Thursday, December 22, 2022, LastPass updated their security incident notice to include additional details around the data breach they began investigating in November 2022. According to their notice, the threat actor used information obtained in an earlier, August 2022, data breach to target an employee and obtain credentials and keys used to decrypt storage volumes within their cloud-based storage service.

A classic cybersecurity storyline: there is executive tension over cybersecurity spending, the company gets breached, and a blame game between the CISO and their peers ensues, resulting in the termination of the CISO as a form of remediation. Reports indicate that only 27% of CISOs stay in their role at a company for three to five years.

We are generating more data than ever before due to companies' increasing reliance on data to drive their decisions. However, thanks to the possibilities of the digital age, we no longer need cabinets full of documents or huge archive rooms to store data. While it is now easier to store data, the importance of information security is much more significant. That's why users and authorities constantly ask organizations to take more robust data security measures.

A leading European regulator fined Meta Platforms Inc., the company that owns Facebook, 265 million euros, or around $276 million, for failing to better protect the phone numbers and other personal information of more than half a billion users from so-called data scrapers.

‍Plex was breached by an unauthorized third-party gained who gained access to a proprietary database. The specific attack vector that facilitated the breach hasn’t been disclosed. According to Plex, cybercriminals “tunneled” their way through sophisticated cybersecurity mechanisms to gain access to sensitive customer data.