GitHub: Attacker breached dozens of orgs using stolen OAuth tokens

Sergiu Gatlan reports:

GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.

Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.

Read more at BleepingComputer.

About the author: Dissent

Comments are closed.