The version control service GitHub has announced that private files of numerous organizations have been accessed via stolen OAuth tokens. Affected companies should assume that the hackers are using the source code to find vulnerabilities. GitHub does not believe that the attackers stole the tokens from the platform itself. The service does not store the tokens in plain text but in encrypted form. The company believes the tokens were stolen through the third-party services Heroku and Travis-CI. The apps are used by many organizations, including GitHub itself. “npm” also uses the services.
According to GitHub, the attackers only downloaded data from compromised repositories and made no changes to the packages. However, the hackers have the ability to use the non-public source code to discover critical holes in a company’s infrastructure. These could then be used to access an internal network so that further data can be tapped or services crippled. Repositories managed by GitHub itself were not cloned.
Organizations need to view log files
GitHub is currently working to inform all affected users and businesses about the attack. Organizations must be notified within the next 72 hours that their data may have been stolen. Those actively using the platform should check their audit and security logs for suspicious activity. GitHub has more details on this in a recently published security alert.