Heroku, a platform-as-a-service provider, released more information this week about a hack in April that resulted in illegal access to many customers’ GitHub projects.
The theft of OAuth tokens supplied to Heroku and Travis CI, which allowed the attackers to access the repositories of businesses utilizing these two Continuous Integrations (CI) platforms, was first reported in mid-April.
The threat actors carefully listed all of the accessible repositories and only downloaded private repositories from certain firms, according to an updated incident notification from GitHub. According to Heroku, the assault began on April 7, when a threat actor acquired access to a company’s database by misusing a compromised token for a Heroku machine account.
Read More: https://www.securityweek.com/heroku-shares-details-recent-github-attack
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
