Statement on MD-2023-0124 CircleCI Unauthorized Access Enabled by Session Cookie Theft
January 24, 2023
Information
An unauthorized third party used malware deployed to a CircleCI engineer's laptop to steal a valid, 2FA-backed SSO session. The machine was compromised on December 16, 2022, and the malware was not detected by CircleCI's antivirus software. CircleCI's investigation indicates that the malware carried out session cookie theft; because a stolen session cookie represents an already-authenticated session, the attacker was able to impersonate the targeted employee from a remote location without having to defeat 2FA again, and then escalate access to a subset of CircleCI production systems. More information is available in the CircleCI Report.
Risk
Not Applicable
Response
Melissa Data Corporation (“Melissa”) was not impacted by the CircleCI incident, as we do not use CircleCI for any Melissa commercial web services or products.
Melissa will continue to follow all guidance issued for this incident as necessary to mitigate any future risk.