
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens
2022-04-21 20:36

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company said in an updated post.

The incident originally came to light on April 12, when GitHub uncovered signs that a malicious actor had used stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims.

Hosted continuous integration service provider Travis CI, in a similar advisory published on Monday, stated that it had "Revoked all authorization keys and tokens preventing any further access to our systems."

Travis CI, stating that no customer data was exposed, acknowledged that the attackers breached a Heroku service and accessed the OAuth key of a private application used to integrate the Heroku and Travis CI apps.

Travis CI reiterated that it found no evidence of intrusion into any private customer repository, or that the threat actors obtained unauthorized access to source code.

"Given the data we had and out of an abundance of caution, Travis CI revoked and reissued all private customer auth keys and tokens integrating Travis CI with GitHub to ensure no customer data is compromised," the company said.


News URL

https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html
