GitHub has issued an alert on a hack that resulted in an unauthorized entity downloading the private repositories of hundreds of businesses, using stolen OAuth user credentials. On April 12, the code hosting platform saw unusual behavior on its npm production infrastructure.
According to a GitHub alert, the attackers used a stolen AWS API key that appears to have been obtained when the attackers downloaded private npm repositories via a compromised OAuth token obtained from Heroku or Travis-CI, two third-party OAuth integrators.
Additionally, the hosting platform believes that attackers may be mining compromised repositories of secrets for information that might aid them in pivoting to other infrastructures.
Read More:GitHub Warns of Private Repositories Downloaded Using Stolen OAuth Tokens
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.