Heroku Admits to Customer Database Hack after OAuth Token Theft

This article has been indexed from

CySecurity News – Latest Information Security and Hacking Incidents

 

On Thursday, Heroku disclosed that customer passwords were stolen in a cyberattack a month earlier, confirming that the incident also involved the code-hosting platform GitHub. Heroku said the GitHub integration OAuth tokens stolen last month were subsequently used to compromise an internal customer database. 
Following the attack, the company notified customers that it would reset their passwords on May 4 unless they changed them beforehand. It also warned users that existing API access tokens would be invalidated and that new ones would have to be generated for any further work. 
“We appreciate your collaboration and trust as we continue to make your success our top priority. The initial detection related to this campaign occurred on April 12 when GitHub Security identified unauthorized access to our npm production infrastructure using a compromised AWS API key,” GitHub said.
“Based on subsequent analysis, we believe this API key was obtained by the attacker when they downloaded a set of private npm repositories using a stolen OAuth token from one of the two affected third-party OAuth applications described above.” 
The attack in question relates to the theft of OAuth tokens that GitHub saw in April, which impacted

[…]