Attacker Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens
2022-04-28 13:14

GitHub revealed details tied to last week's incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.

"We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats," said Mike Hanley, chief security officer, GitHub.

GitHub's analysis of the incident found that the attackers authenticated to the GitHub API using the stolen OAuth tokens issued to Heroku and Travis CI accounts. It added that most of those affected had authorized Heroku or Travis CI OAuth apps in their GitHub accounts.

GitHub said it is in the process of sending the final notification to its customers who had either Travis CI or Heroku OAuth apps integrated into their GitHub accounts.

GitHub began the investigation into the stolen tokens on April 12, when GitHub Security first identified unauthorized access to the NPM production infrastructure using a compromised AWS API key.

These API keys were acquired by attackers when they downloaded a set of private NPM repositories using a stolen OAuth token.


News URL

https://threatpost.com/github-repos-stolen-oauth-tokens/179427/

Related vendor

LAST 12M

VENDOR    #/PRODUCTS    LOW    MEDIUM    HIGH    CRITICAL    TOTAL VULNS
Github    12            3      42        30      15          90