The IT Nerd

On April 18^th, GitHub issued this Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators. The alert warns that private repository contents were accessed via third-party OAuth user tokens maintained by Heroku and Travis CI. Which of course is very, very bad.

David Stewart, CEO, Approov had this comment:

“API keys and OAuth tokens are prime targets for attackers because they are relatively long lifetime identifiers which can be exploited at scale via scripts, similar to credential stuffing techniques using traditional usernames and passwords.

Organizations must consider worst case scenarios where API keys and OAuth tokens become available to bad actors and ensure that these assets can’t be weaponized against their business. A typical way to mitigate such situations is to implement and additional authentication requirement to ensure that these credentials can only be used from genuine remote client instances, eg web apps or mobile apps.”

Chances are if you were affected by this, you will know about it. But it wouldn’t hurt to check your GitHub repositories to make sure.

This entry was posted on April 19, 2022 at 11:40 am and is filed under Commentary with tags GitHub. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.