"GitHub: Stolen OAuth Access Tokens Used by Hackers to Breach Organizations"

The cloud-based repository hosting service GitHub has disclosed that an unknown adversary used stolen OAuth user tokens to extract sensitive data from various organizations. GitHub’s Mike Hanley revealed that the attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of businesses. Apps and services typically use OAuth access tokens to grant access to certain areas of a user’s data and to interact with each other without disclosing the user’s credentials. For example, it is one of the most common ways in which a Single Sign-On (SSO) provider gives authorization to another application. According to the company, the OAuth tokens were not obtained through a breach of GitHub or its systems, since GitHub does not store the tokens in their original, usable format. In addition, GitHub warned that the hackers could be analyzing the private repository contents downloaded from targeted organizations that use these third-party OAuth applications, looking for more secrets that may be used to pivot into other parts of their infrastructure. This article continues to discuss the use of stolen OAuth user tokens to download data from private GitHub repositories.

CyberIntelMag reports "GitHub: Stolen OAuth Access Tokens Used by Hackers to Breach Organizations"
