GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to download private data from several organizations without authorization.
"An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM," GitHub's Mike Hanley disclosed in a report.
OAuth access tokens are often used by apps and services to authorize access to specific parts of a user's data and communicate with each other without having to share the actual credentials.
The OAuth tokens are not said to have been obtained via a breach of GitHub or its systems, the company said, as it doesn't store the tokens in their original, usable formats.
This AWS API key is believed to have been obtained by downloading a set of unspecified private NPM repositories using the stolen OAuth token from one of the two affected OAuth applications.
GitHub said it has since revoked the access tokens associated with the affected apps.
News URL
https://thehackernews.com/2022/04/github-says-hackers-breach-dozens-of.html