Stolen OAuth Tokens Allow Attacker to Breach ‘Dozens’ of GitHub Repos

Stolen OAuth Tokens Allow Attacker to Breach Dozens of GitHub Repos

In April 2022, GitHub released a timeline of breaches, which includes details on when a threat actor got access to and stole private repositories belonging to dozens of companies.

Last week, GitHub disclosed details about an incident in which hackers accessed data from private projects using stolen OAuth tokens. The OAuth (Open Authorisation) framework or protocol is an open standard authorization framework or protocol for internet token-based authorization.

It allows third-party services like Facebook and Google to use end-user account information. It’s not uncommon for attackers to take control of stolen or found OAuth tokens.

Read More: