Skip to main content

Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns

posted onApril 18, 2022
by l33tdawg
Flickr
Credit: Flickr

GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations.

Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. GitHub excludes that the attacker obtained these tokens via a compromise of GitHub or its systems, the company explained that the stolen tokens used to access the repositories are not stored by GitHub in their original, usable formats.

On April 12, the company launched an investigation into a series of unauthorized access to data stored in repositories of dozens of organizations. The experts first detected the intrusion on April 12 when the company’s security team identified unauthorized access to their npm production infrastructure using a compromised AWS API key. The threat actors allegedly obtained the AWS API key by downloading a set of unspecified private NPM repositories using the stolen OAuth token from one of the two affected OAuth applications. GitHub revoked the access tokens associated with the affected apps.

Source

Tags

Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th