Security News

A stealthy cryptocurrency mining operation has been spotted using thousands of free accounts on GitHub, Heroku and other DevOps outfits to craft digital tokens. Sysdig estimated each of those 30 free GitHub accounts cost the Microsoft-owned giant $15 per month, and the free tier accounts from Heroku, Buddy and others cost providers between $7 and $10 per month.

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed.

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database.Like many users, we unexpectedly received a password reset email from Heroku, even though BleepingComputer does not have any OAuth integrations that use Heroku apps or GitHub.

Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. Last night, some Heroku users began receiving emails titled 'Heroku security notification - resetting user account passwords on May 4, 2022' stating that passwords would be forcibly reset today in response to last month's security incident.

Efforts by Salesforce-owned cloud platform Heroku to manage a recent security incident are turning into a bit of a disaster, according to some users. The most recent status update from just prior to midnight UTC on 3 May read: "A subset of Heroku customers will receive email notifications directly from Salesforce Incident Alerts regarding our continuous efforts to enhance security."