Security News > 2022 > May > Heroku Forces User Password Resets Following GitHub OAuth Token Theft

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database.

As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed.

The attack campaign, which GitHub discovered on April 12, related to an unidentified actor leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The timeline of events as shared by the cloud platform is as follows -.

April 7, 2022 - Threat actor obtains access to a Heroku database and downloads stored customer OAuth access tokens used for GitHub integration.

April 9, 2022 - Attacker downloads a subset of Heroku private repositories from GitHub.

Heroku has since revoked all the access tokens and removed support for deploying apps from GitHub through the Heroku Dashboard to ascertain that "The integration is secure before we re-enable this functionality."

News URL

https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html