Security News > 2022 > April > GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
GitHub revealed today that an attacker is using stolen OAuth user tokens to download data from private repositories.
"The applications maintained by these integrators were used by GitHub users, including GitHub itself," revealed today Mike Hanley, Chief Security Officer at GitHub.
"We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems, because the tokens in question are not stored by GitHub in their original, usable formats."
Travis CI. GitHub Security identified the unauthorized access to GitHub's npm production infrastructure on April 12 after the attacker used a compromised AWS API key.
The attacker likely obtained the API key after downloading multiple private npm repositories using stolen OAuth tokens.
"Upon discovering the broader theft of third-party OAuth tokens not stored by GitHub or npm on the evening of April 13, we immediately took action to protect GitHub and npm by revoking tokens associated with GitHub and npm's internal use of these compromised applications," Hanley added.