GitHub accounts are being stolen by fake CircleCI accounts
Cybercriminals are impersonating (opens in new tab) CircleCI to try and steal GitHub accounts, both companies have confirmed.
According to the two firms, criminals are currently distributing a phishing email, in which they impersonate the continuous integration and delivery platform, CircleCI.
The email is being sent to GitHub users, and warns them that CircleCI’s user terms and privacy policy have changed, and that they need to sign into their GitHub accounts to accept the new terms.
GitHub warning
As you might expect, there is a link at the email’s bottom that the recipients can click to “accept” the changes. Those that do, risk having their GitHub account credentials, as well as two-factor (2FA) authentication codes stolen, as the attackers relay this information through reverse proxies. According to BleepingComputer, users with hardware security keys are not vulnerable.
“While GitHub itself was not affected, the campaign has impacted many victim organizations,” GitHub said in its warning.
Multiple attack domains
CircleCI has also published an announcement on its forums, warning users of the ongoing attack, and reiterating that the company will never ask users to enter any credentials to view ToS changes.
“Any emails from CircleCI should only include links to circleci.com or its sub-domains,” the company stressed.
So far, multiple domains distributing the phishing email have been confirmed:
- circle-ci[.]com
- emails-circleci[.]com
- circle-cl[.]com
- email-circleci[.]com
The attackers are after GitHub developer (opens in new tab) accounts, and if they manage to get into one, the next thing they’ll do is create personal access tokens (PATs), authorize OAuth apps, and even add SSH keys to the account, to make sure they retain the access even after the owners change the password.
After that, GitHub added, they’ll take data from private repositories. The company has since blocked a number of accounts, confirmed to have been compromised. All potentially impacted users have had their account passwords reset.
Via: BleepingComputer (opens in new tab)
Audio player loading… Cybercriminals are impersonating (opens in new tab) CircleCI to try and steal GitHub accounts, both companies have confirmed. According to the two firms, criminals are currently distributing a phishing email, in which they impersonate the continuous integration and delivery platform, CircleCI. The email is being sent to…
Recent Posts
- Google now offers ‘web’ search — and an AI opt-out button
- Ayn’s new gaming handheld looks like a PSP, and it might just fill the hole in your heart left by Sony’s best portable
- Google Search is getting a massive upgrade – including letting you search with video
- Google Project Astra hands-on: Full of potential, but it’s going to be a while
- OpenAI chief scientist Ilya Sutskever is officially leaving
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011