Fork me on GitHub

The describing the breach and response is interesting. As to the malware on the engineer's laptop that the antivirus software did not pick up, I am curious as to specifics. What OS was the engineer running, what antivirus software was being used, what is the name of the malware? How did the malware infect the laptop?


I know the answer to some of those questions, but not all of them, and not the most interesting ones. I can't share anything publicly beyond what's already in the incident report, but I can ask if there will be any addenda to the report.


Thanks @UM3GAUMKP, sharing these kind of details might help folks to question and improve their own practices (me included of course!).


I'm trying to find out if there's anything additional we can release, it's just things get tricky once you involve forensics, insurers, and legal teams.


Thanks for trying, much appreciated!


It doesn't look like there's a plan to release more information just yet. There are some details in the public incident report that might help. One of the malicious files is a .dmg, and there's a SHA256 you could use to search VirusTotal.


I guess we can probably assume macOS then. Thanks for trying @UM3GAUMKP, much appreciated. I'm not coming up with much in my searches, but I expect eventually details will come to light, if not from CircleCI then from some other sources.