GitHub said on Monday that it had notified all victims of an
attack campaign in which an unauthorized party downloaded
private repository contents using stolen third-party OAuth user
tokens issued to, and stored by, Heroku and Travis CI.
“Customers should also continue to monitor Heroku and Travis CI
for updates on their own investigations into the affected OAuth
applications,” the company said[1]
in an updated post.
The incident[2]
originally came to light on April 12, when GitHub uncovered signs
that a malicious actor had leveraged the stolen OAuth user tokens
issued to Heroku and Travis CI to download data from dozens of
organizations, including npm.
The Microsoft-owned platform also said that it will alert
customers promptly should the ongoing investigation identify
additional victims. Additionally, it cautioned that the adversary
may also be digging into the repositories for secrets that could be
used in other attacks.
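The warning above is the practical point of the incident: an attacker holding a stolen OAuth user token clones whatever that token can reach and then searches the contents for credentials that open further doors (cloud keys, database passwords, more GitHub tokens, private keys). Defenders should run that search first. The block below is an added example written for this page, not code from GitHub, Heroku or Travis CI. It scans constructed repository contents (every file name and value in SAMPLE_REPO is made up for this example) for documented token formats and for generic "name = value" assignments, gated by a placeholder denylist and a Shannon-entropy threshold, and reports only redacted values so the scanner's own output does not become a second leak. The `gho_` prefix it looks for is the documented format of GitHub OAuth user tokens, the kind abused here.

```python
"""Scan repository contents for the credentials an attacker with stolen
OAuth tokens would hunt for. Added example; sample data is constructed."""
import math
import re
from collections import Counter
from typing import Dict, List

# Bits of entropy per character below which a generic value is treated as a
# placeholder rather than a real secret (constructed threshold for this example).
ENTROPY_THRESHOLD = 3.0

# High-confidence formats. GitHub token prefixes (ghp_/gho_/ghu_/ghs_/ghr_) and
# the AWS AKIA/ASIA access-key-ID prefix are documented formats; group 1, where
# present, isolates the secret part of the match.
SPECIFIC_PATTERNS = [
    ("github_token", re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36,}\b")),
    ("aws_access_key_id", re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b")),
    ("private_key_block", re.compile(r"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----")),
    # scheme://user:password@host  -> group 1 is the password
    ("url_credentials", re.compile(r"\b[a-z][a-z0-9+.\-]*://[^\s/:@]+:([^\s@/]+)@")),
]

# Low-confidence "name = value" assignment where the name looks secret-bearing;
# group 1 is the value. Reported only if it passes the placeholder and entropy gates.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)\b[A-Za-z0-9_]*(?:secret|password|passwd|token|api[_-]?key)[A-Za-z0-9_]*"
    r"\s*[:=]\s*['\"]?([A-Za-z0-9_\-/+=]{16,})"
)
PLACEHOLDER = re.compile(r"(?i)example|changeme|placeholder|your[_-]|xxxx|dummy|<[^>]*>")


def shannon_entropy(value: str) -> float:
    """Bits per character; random-looking secrets score well above 3.0."""
    counts = Counter(value)
    n = len(value)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(secret: str) -> str:
    """Keep a short prefix for triage; never log the full value."""
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_repo(files: Dict[str, str]) -> List[dict]:
    """Return findings as dicts with path, line, kind and redacted value."""
    findings: List[dict] = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            matched_specific = False
            for kind, pattern in SPECIFIC_PATTERNS:
                for m in pattern.finditer(line):
                    secret = m.group(1) if m.lastindex else m.group(0)
                    findings.append({"path": path, "line": line_no,
                                     "kind": kind, "redacted": redact(secret)})
                    matched_specific = True
            if matched_specific:
                continue  # do not double-report the same line via the generic rule
            m = GENERIC_ASSIGNMENT.search(line)
            if not m:
                continue
            value = m.group(1)
            if PLACEHOLDER.search(value) or shannon_entropy(value) < ENTROPY_THRESHOLD:
                continue  # documentation placeholder or low-entropy dummy value
            findings.append({"path": path, "line": line_no,
                             "kind": "generic_assignment", "redacted": redact(value)})
    return findings


# Constructed repository contents: file names and every value are made up.
SAMPLE_REPO = {
    ".env": (
        "DATABASE_URL=postgres://app:hunter2@db/app\n"
        "GITHUB_TOKEN=gho_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789\n"
    ),
    "deploy/config.yml": (
        "aws:\n"
        "  access_key_id: AKIAQ3ZX7B2C9D4E5F6G\n"
        "  secret_access_key: Qv9sLk2ZpXt7RmNc4WbYe8HdJf1GaTuVxSzPoLq3\n"
    ),
    "config/settings.py": 'SECRET_KEY = "passwordpassword"\n',          # low entropy, skipped
    "README.md": "Set API_KEY=YOUR_API_KEY_HERE before running.\n",       # placeholder, skipped
    "keys/id_rsa": (
        "-----BEGIN OPENSSH PRIVATE KEY-----\n"
        "b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQ\n"
    ),
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f['path']}:{f['line']}  {f['kind']:<20} {f['redacted']}")
```

Run against a real checkout by walking the tree and feeding file contents into `scan_repo`; anything it reports should be rotated, not merely deleted from the repository, since the attacker in this incident already has the history. The generic rule deliberately skips lines a specific rule already matched, so a `GITHUB_TOKEN=gho_...` line is reported once, as a GitHub token, rather than twice.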
Heroku, which has pulled support for GitHub integration in the
wake of the incident, pointed out[3]
that users can instead deploy their apps directly via Git or
integrate with other version control providers such as GitLab or
Bitbucket.
Hosted continuous integration service provider Travis CI, in a
similar advisory[4]
published on Monday, stated that it had “revoked all authorization
keys and tokens preventing any further access to our systems.”
While stating that no customer data was exposed, the company
acknowledged that the attackers breached a Heroku service and
obtained the OAuth key of a private application used to integrate
the Heroku and Travis CI apps.
But Travis CI reiterated that it found no evidence of intrusion
into any private customer repository, or that the threat actors
gained unauthorized access to source code.
“Given the data we had and out of an abundance of caution,
Travis CI revoked and reissued all private customer auth keys and
tokens integrating Travis CI with GitHub to ensure no customer data
is compromised,” the company said.
References
Read more https://thehackernews.com/2022/04/github-notifies-victims-whose-private.html
