Datadog, a cloud security company, claims that one of its RPM GPG signing keys and its password were exposed in the CircleCI security breach.
The company stated that it has yet to find evidence of the key being misused or leaked.
Datadog is nonetheless taking the following precautions out of an abundance of caution.
In response to CircleCI’s revelation that the threat actor had stolen customers’ environment variables and tokens from its databases, Datadog released an updated Agent 5 RPM (CentOS/RHEL) signed with a new key.
The company has also released a new Linux installation script that removes the affected key from both the Datadog repository configuration and the RPM database.
Datadog repos not compromised
Datadog stated that an attacker who obtained the signing key could build a malicious RPM package, but could not use it to attack the company’s customers without also having access to the official package repositories.
“The official Datadog repositories weren’t compromised. If the signing key is actually leaked, it could be used for building an RPM package looking like it’s from Datadog, but that would not suffice to put such a package into our official package repository,” Datadog stated.
“An attacker hypothetically possessing the affected key must be able to upload the RPM package constructed to a repository that is used by the system.”
Customers should ensure their systems no longer trust the affected key and, if they still do, delete it. They should also verify that every installed key was created by Datadog, following the instructions.
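Both steps (removing the affected key and confirming that only vendor keys remain trusted in the RPM database) can be scripted as a routine audit. What follows is an added example, not Datadog’s installation script or documentation: the key IDs, the allowlist and the sample key listing are constructed placeholders, and the functions that touch a real host assume a standard rpm binary.

```shell
#!/bin/sh
# Added example (not Datadog's script): audit which GPG public keys the
# RPM database trusts, report any key not on an explicit allowlist, and
# optionally remove them. All key IDs below are constructed placeholders.

# Allowlisted key packages in gpg-pubkey-<keyid> form. Populate this from
# the vendor's published fingerprints, verified out of band. Constructed values.
TRUSTED_KEYS="gpg-pubkey-11111111 gpg-pubkey-22222222"

# On a real host: one line per imported key, "NAME-VERSION-RELEASE<TAB>SUMMARY".
# For gpg-pubkey packages VERSION is the short key ID and RELEASE the creation time.
list_rpm_keys() {
    rpm -q gpg-pubkey --qf '%{NAME}-%{VERSION}-%{RELEASE}\t%{SUMMARY}\n'
}

# Constructed stand-in for list_rpm_keys output so the audit logic can be
# exercised on a machine without rpm. The second key is the "unknown" one.
sample_key_listing() {
    printf 'gpg-pubkey-11111111-5f4c9a1b\tgpg(Example Vendor A <a@example.com>)\n'
    printf 'gpg-pubkey-deadbeef-63a0f0a0\tgpg(Unknown signer <x@example.invalid>)\n'
    printf 'gpg-pubkey-22222222-60b1c2d3\tgpg(Example Vendor B <b@example.com>)\n'
}

# Read key lines on stdin; print the full package name of every key whose
# ID is not in TRUSTED_KEYS. Pure text processing, no rpm calls.
untrusted_keys() {
    while IFS= read -r line; do
        pkg=$(printf '%s\n' "$line" | cut -f1)   # drop the summary column
        id=${pkg%-*}                              # drop -<release> -> gpg-pubkey-<keyid>
        case " $TRUSTED_KEYS " in
            *" $id "*) ;;                         # allowlisted, nothing to report
            *) printf '%s\n' "$pkg" ;;
        esac
    done
}

# Remove every untrusted key from the RPM database. Dry run unless
# DO_REMOVE=1, so the default invocation only reports what it would do.
remove_untrusted_keys() {
    list_rpm_keys | untrusted_keys | while IFS= read -r pkg; do
        if [ "${DO_REMOVE:-0}" = 1 ]; then
            rpm -e "$pkg"
        else
            printf 'would remove %s (set DO_REMOVE=1 to apply)\n' "$pkg"
        fi
    done
}

# Check a downloaded package's signature against the keys that remain
# trusted; rpm -K exits non-zero if the signature is missing or unknown.
check_package_signature() {
    rpm -K "$1"
}

# RUN_AUDIT=1 sh audit-rpm-keys.sh   -> report (or, with DO_REMOVE=1, clean up)
if [ "${RUN_AUDIT:-0}" = 1 ]; then
    remove_untrusted_keys
fi
```

The allowlist is deliberately a positive list of known-good key IDs rather than a denylist of the one exposed key: after a revocation, the question a defender needs answered is “which keys does this host still trust that I cannot account for?”, and a denylist only ever answers it for the keys already known to be bad.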
Datadog posted this information as a “Frequently Asked Question” on its documentation page. It is not listed on Datadog’s website.
BleepingComputer also could not locate this page through search engines, because Datadog added ‘noindex’ and ‘nofollow’ tags to its metadata so that it is not indexed.
BleepingComputer reached out to Datadog earlier today, but a spokesperson for the company was unavailable for comment.
Datadog CircleCI FAQ ‘noindex’ tag (BleepingComputer)
Datadog has made this disclosure after CircleCI disclosed on Friday that their systems had been breached by .
CircleCI announced that it early in January. It warned customers to change their tokens and secrets.
The software company said last week that the hackers also stole customer secrets after gaining access to internal systems via a 2FA-backed SSO session cookie taken from an employee’s compromised device.
According to the company, several clients (fewer than five) had already discovered “unauthorized access third-party system”, and it advised customers to examine their environments for any suspicious activity beginning December 16, 2022.