GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to steal private repository data from dozens of organizations including npm
GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories. Source: The GitHub Blog and Heroku Status.
BleepingComputer · Sergiu Gatlan
Related Coverage
- Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators The GitHub Blog · Mike Hanley
- Incident 2413 — Update Subject: Heroku Security Update: OAuth token revoked At 5:00 p.m. PT … Heroku Status
- An Attacker is Using Stolen OAuth Tokens to Steal Data From Private GitHub Repositories Metacurity · Cynthia Brumfield
- KazukiLabs NewsBites Vol.3 Num. 07 KazukiLabs NewsBites · Kazukilabs
- Stolen OAuth tokens used to download data from dozens of organizations, GitHub warns Security Affairs · Pierluigi Paganini
- GitHub Issues Security Alert After Spotting Misuse of Tokens Stolen from OAuth Integrators Slashdot · EditorDavid
- GitHub: Hackers Stole OAuth Access Tokens to Target Dozens of Firms HackRead · Deeba Ahmed
- Daily Drop (106) — Saturday, April 16, 2022 // (IG): BB //Weekly Sponsor: Philly Tech Club Bob's Newsletter · Bob Bragg
- Stolen Heroku and Travis-CI OAuth tokens used for GitHub repo hacks iTnews · Juha Saarinen
- GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens The Hacker News · Ravie Lakshmanan
Discussion
- @githubsecurity on X: GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. https://github.blog/...
- Jake Williams (@malwarejake) on X: Not to ruin anyone's holiday weekend, but if your org uses @heroku or @travisci, there's an active investigation going on into compromised OAuth tokens used for integration with @GitHub (who initially identified the issue). Action this now. 1/2 https://status.heroku.com/... https…
- @nikcharlebois on X: Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators https://github.blog/...
- Catalin Cimpanu (@campuscodi) on X: On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm https://github.blog/...
- Jonathan Markwell (@jot) on X: The worst security incident in 14 years of using Heroku and GitHub strikes on one of the UK's best bank holiday weekends. Who else will be spending a chunk of this lovely day reviewing security logs and rotating access tokens? :( https://status.heroku.com/... https://github.blog/…
- Robert Stephens (@rstephens) on X: “To mitigate impact from potentially compromised Auth tokens, we will revoke over the next several hours all existing tokens from the Heroku GitHub integration.” Whoa. https://status.heroku.com/
- @jacobian on X: If you run apps on Heroku you should be keeping an eye on this incident: https://status.heroku.com/... The GitHub breach disclosed earlier involved oauth tokens belonging to the Heroku Dashboard, so there's a very high likelihood that some part of Heroku got popped too.
- Mary Branscombe (@marypcbuk) on X: attacker abused stolen (but not stolen from GitHub) OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from private repos of dozens of organizations, including npm https://twitter.com/...
- Corey Quinn (@quinnypig) on X: Frankly, if you're still using @travisci then you've missed an escalatingly dire series of memos over the past few years. https://twitter.com/...