MD-2023-0124#
Statement on MD-2023-0124 CircleCI Vulnerability#
August 22, 2024
Information#
An unauthorized third party leveraged malware deployed to a CircleCI engineer’s laptop in order to steal a valid, 2FA-backed SSO session. This machine was compromised on December 16, 2022. The malware was not detected by CircleCI antivirus software.
More info at CircleCI Report
Severity#
Low
Response#
Melissa Data Corporation (“Melissa”) was not impacted by the CircleCI vulnerability as we do not utilize CircleCI for any Melissa commercial web services or products.
Melissa will continue to follow all guidance provided for this vulnerability as necessary to prevent any future risks.
If you have any additional questions, please contact Melissa’s Compliance department at Compliance@melissa.com.