Security News > 2023 > August > Sourcegraph website breached using leaked admin access token

AI-powered coding platform Sourcegraph revealed that its website was breached this week using a site-admin access token accidentally leaked online on July 14th. An attacker used the leaked token on August 28th to create a new site-admin account and log into the admin dashboard of the company's website, Sourcegraph.com, two days later.

After gaining access to the website's admin dashboard, the threat actor switched their rogue account's privileges multiple times to probe Sourcegraph's system.

"Our security team identified a code commit from July 14 where a site-admin access token was accidentally leaked in a pull request and was leveraged to impersonate a user to gain access to the administrative console of our system," Sourcegraph's Head of Security Diego Comas disclosed on Wednesday.

"The malicious user, or someone connected to them, created a proxy app allowing users to directly call Sourcegraph's APIs and leverage the underlying LLM. Users were instructed to create free Sourcegraph.com accounts, generate access tokens, and then request the malicious user to greatly increase their rate limit," Sourcegraph's.

During the incident, the attacker gained access to Sourcegraph customers' information, including license keys, names, and email addresses.

After discovering the security breach, Sourcegraph deactivated the malicious site-admin account, temporarily reduced API rate limits applicable to all free community users, and rotated the license keys that could have been potentially exposed in the attack.

News URL

https://www.bleepingcomputer.com/news/security/sourcegraph-website-breached-using-leaked-admin-access-token/