GitHub - stolen OAuth user tokens issued to two third-party integrators

FanJ · Apr 18, 2022

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators
12 April 2022
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/

On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
Click to expand...

Following immediate investigation, we disclosed our findings to Heroku and Travis-CI on April 13 and 14; more detail is available below and we will update this blog as we learn more.
Click to expand...

PS:
I've tried to search the forum about this issue, but I couldn't find related posting.

FanJ · Apr 18, 2022

https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/

Known-affected OAuth applications as of April 15, 2022:
•Heroku Dashboard (ID: 145909)
•Heroku Dashboard (ID: 628778)
•Heroku Dashboard – Preview (ID: 313468)
•Heroku Dashboard – Classic (ID: 363831)
•Travis CI (ID: 9216)

We are sharing this today as we believe the attacks may be ongoing and action is required for customers to protect themselves.

Click to expand...

FanJ · Apr 18, 2022

https://status.heroku.com/incidents/2413
Heroku Security Notification

Update

As reported yesterday, revocation of all OAuth tokens from the Heroku Dashboard GitHub integration is complete. Until further notice, we will not issue OAuth tokens from the Heroku Dashboard. These actions, based on our current understanding of the issue, should prevent unauthorized access to your GitHub repositories.

We will continue to work with GitHub to provide additional guidance on how to review your GitHub logs for evidence of exfiltration or malicious activity. Please reach out to security@salesforce.com with any information that may assist us with our ongoing investigation.

Please continue to visit status.heroku.com for the latest updates.

Posted a day ago, Apr 17, 2022 18:58 UTC
Click to expand...

Log in or Sign up

GitHub - stolen OAuth user tokens issued to two third-party integrators

FanJ Updates Team

FanJ Updates Team

FanJ Updates Team

Log in or Sign up

GitHub - stolen OAuth user tokens issued to two third-party integrators

FanJ Updates Team

FanJ Updates Team

FanJ Updates Team

Useful Searches