GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI.
“Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications,” the company said in an updated post.
The incident originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including NPM.
The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims. Additionally, it cautioned that the adversary may also be digging into the repositories for secrets that could be used in other attacks.
Heroku, which has pulled support for GitHub integration in the wake of the incident, advised that users have the option of integrating their app deployments with Git or other version control providers such as GitLab or Bitbucket.
Hosted continuous integration service provider Travis CI, in a similar advisory published on Monday, stated that it had “revoked all authorization keys and tokens preventing any further access to our systems.”
Stating that no customer data was exposed, the company acknowledged that the attackers breached a Heroku service and accessed a private application’s OAuth key that’s used to integrate both the Heroku and Travis CI apps.