GitHub has announced that dozens of organizations' private repositories had been compromised using stolen OAuth tokens last month as a part of a highly targeted operation, SecurityWeek reports.
Attackers leveraged exfiltrated OAuth tokens issued to Heroku and Travis CI to authenticate to GitHub API and generate a list of all organizations that could be accessed, according to GitHub.
Such tokens, which are utilized for automation, have been compromised prior to the attack. Moreover, organizations were listed by the attackers in an effort to determine private repositories and accounts that could be cloned.
"GitHub believes these attacks were highly targeted based on the available information and our analysis of the attacker behavior using the compromised OAuth tokens issued to Travis CI and Heroku," said the code hosting platform.
Final recommendations for organizations and users affected by the recent attack are underway but GitHub has called on users to track updates through Travis CI and Heroku.
Risk Assessments/Management, Breach, Threat Management
GitHub: Highly targeted attack hit private repositories
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds