Real-World Breaches

What happens when secrets management fails. These incidents underscore why every organization needs a secrets management strategy.

September 2022

Uber

What happened: An attacker purchased stolen employee credentials from the dark web, then bypassed MFA by social-engineering the employee via WhatsApp. Once inside the intranet, the attacker found PowerShell scripts containing admin credentials for Uber's Privileged Access Management system (Thycotic).

What was exposed: Full admin access to AWS, GCP, Duo, OneLogin, GSuite, and internal bug bounty reports containing unpatched vulnerabilities.

Lesson: Hardcoded credentials in scripts are a ticking time bomb. A PAM system is only as strong as the secrets that protect it. Secrets should never exist in plaintext on any filesystem.

January 2023

CircleCI

What happened: Malware on a CircleCI engineer's laptop stole a session cookie from a session that had already completed 2FA, so replaying the cookie required no second factor. The attacker used it to impersonate the engineer and access internal systems, then exfiltrated customer data on December 22, 2022.

What was exposed: Customer environment variables, API tokens, SSH keys, and integration credentials for GitHub and AWS. All customers were told to rotate every secret stored in CircleCI.

Lesson: CI/CD platforms are high-value targets because they hold secrets for dozens of downstream services. Treat CI secrets as production secrets with short TTLs and least-privilege scoping.

April 2021

Codecov

What happened: Attackers exploited a flaw in Codecov's Docker image build process to extract a GCS credential. They used it to modify the Bash Uploader script, adding a line that exfiltrated environment variables from every CI environment that ran the script.

What was exposed: Environment variables from CI pipelines of 29,000+ enterprises for over two months before detection. Git remotes, API tokens, and credentials were silently sent to an attacker-controlled server.

Lesson: Supply chain attacks can turn a single leaked credential into a mass exfiltration event. Verify integrity of build tools and limit what secrets are available in CI environments.
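The integrity control this lesson calls for, as an added example that is not Codecov's or any vendor's own tooling: a pipeline pins the SHA-256 digest of a downloaded build tool and refuses to execute the file if what was fetched no longer matches. The sample "uploader" script, its pinned digest and the function names are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not Codecov's or any vendor's own tooling: pin the SHA-256 of a
# downloaded build tool (an uploader script, for instance) in the repository and
# refuse to execute it if the digest of what was fetched differs. A script that
# has been altered after release, as in the Codecov incident, fails the check.

# Print the SHA-256 digest of a file (GNU sha256sum or BSD/macOS shasum).
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_tool FILE EXPECTED_SHA256 -> returns 0 if the digest matches, 1 otherwise.
verify_tool() {
  actual="$(file_sha256 "$1")"
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  echo "integrity check failed for $1" >&2
  echo "  expected: $2" >&2
  echo "  actual:   $actual" >&2
  return 1
}

# run_verified FILE EXPECTED_SHA256 [ARGS...]: execute the file only after verification.
run_verified() {
  f="$1"; sum="$2"; shift 2
  verify_tool "$f" "$sum" || return 1
  sh "$f" "$@"
}

# Demonstration on a constructed stand-in for an uploader script.
demo() {
  tool="$(mktemp)"
  printf '#!/bin/sh\necho "upload complete"\n' > "$tool"
  pinned="$(file_sha256 "$tool")"       # the value you would commit next to the pipeline
  run_verified "$tool" "$pinned"        # digest matches: the script runs
  echo '# unexpected change' >> "$tool" # simulate a download that was modified after pinning
  run_verified "$tool" "$pinned" || echo "refused to run modified tool"
  rm -f "$tool"
}

demo
```

Pinning only protects against changes made after the digest was recorded, so the pinned value must come from a release you have reviewed, and each tool upgrade is a deliberate change to that value rather than a silent re-download.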