GitHub Issues Alerts for Private Repositories Downloaded Using Stolen OAuth Tokens


GitHub has issued an alert about an attack in which an unauthorized party downloaded the private repositories of hundreds of businesses using stolen OAuth user credentials. On April 12, the code hosting platform saw unusual behavior on its npm production infrastructure.

According to a GitHub alert, the attackers used a stolen AWS API key, which appears to have been obtained when they downloaded private npm repositories using a compromised OAuth token obtained from Heroku or Travis-CI, two third-party OAuth integrators.

Additionally, the hosting platform believes that the attackers may be mining the compromised repositories for secrets that might aid them in pivoting to other infrastructure.

Read More: https://www.securityweek.com/github-warns-private-repositories-downloaded-using-stolen-oauth-tokens