GitHub notifies victims whose data was accessed via OAuth tokens

On Monday, GitHub announced that it had notified all victims identified so far of an attack campaign in which stolen third-party OAuth user tokens issued to Heroku and Travis CI were used to download the contents of private repositories.


In an updated post, the company also advised Heroku and Travis CI customers to follow those providers' own investigations into the affected OAuth applications.


GitHub first discovered on April 12 that a malicious actor had used stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including npm.


Additional victims may be identified as the investigation continues, and the Microsoft-owned platform has pledged to notify affected users as soon as possible. GitHub also warned that the adversary may sift through the downloaded repository contents for secrets that could be used in further attacks, so affected organizations should check their repositories for exposed credentials and rotate any they find.
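The check implied by that warning, reviewing a repository's contents for credentials an attacker could reuse, as an added example that is not code from the article or from GitHub, Heroku or Travis CI. It scans an in-memory map of file paths to contents (constructed sample data, fake values) with two kinds of rule: well-known credential shapes (a GitHub classic personal access token is `ghp_` plus 36 base62 characters; an AWS access key ID is `AKIA` plus 16 uppercase alphanumerics; PEM private-key headers) and a generic "secret-like name assigned a long string" rule that is filtered by Shannon entropy so constant placeholders such as `aaaa...` are not reported. The keyword list, the 20-character minimum and the 3.5-bit entropy threshold are assumptions to tune against your own corpus:

```python
"""Offline scan of repository contents for leaked credentials.

Added example, not from the article or from GitHub/Heroku/Travis CI.
The ghp_ and AKIA shapes follow the published token formats; the file
contents, the keyword list and the thresholds are constructed/assumed.
"""
import math
import re
from collections import Counter
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    path: str
    line: int
    kind: str
    preview: str  # redacted; the full secret is never stored in the report


# Well-known credential shapes.
SPECIFIC_PATTERNS = [
    ("github_pat", re.compile(r"\bghp_[A-Za-z0-9]{36}\b")),
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("private_key", re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |)PRIVATE KEY-----")),
]

# Catch-all: an identifier containing a secret-like keyword assigned a string
# of 20+ token characters. Kept only if the value looks random (entropy check).
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(?:api[_-]?key|secret|token|password)\w*\s*[:=]\s*['\"]?"
    r"([A-Za-z0-9+/=_\-]{20,})['\"]?"
)
MIN_ENTROPY_BITS = 3.5  # assumed threshold: 0.0 for a constant string, ~5 for random base62


def shannon_entropy(s: str) -> float:
    """Bits per character of the string's byte distribution."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(secret: str) -> str:
    """Keep a short prefix so the finding can be located, not the secret itself."""
    return f"{secret[:4]}...({len(secret)} chars)"


def scan_text(path: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        hit = False
        for kind, pattern in SPECIFIC_PATTERNS:
            m = pattern.search(line)
            if m:
                findings.append(Finding(path, lineno, kind, redact(m.group(0))))
                hit = True
        if hit:
            continue  # do not double-report a line a specific rule already caught
        m = GENERIC_ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(1)) >= MIN_ENTROPY_BITS:
            findings.append(Finding(path, lineno, "generic_high_entropy", redact(m.group(1))))
    return findings


def scan_repo(files: Dict[str, str]) -> List[Finding]:
    """files maps repository path -> text content (e.g. built from `git ls-files`)."""
    findings: List[Finding] = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


# Constructed sample repository; every value below is fake.
SAMPLE_REPO = {
    "config/settings.py": "\n".join([
        "DEBUG = False",
        "GITHUB_TOKEN = 'ghp_0123456789abcdefghijABCDEFGHIJ012345'",   # matches github_pat
        'API_KEY = "q7Zp2LmX9vR4tK8sW1nY6bH3cJ5dF0gA"',                # generic, high entropy
        "PASSWORD = 'aaaaaaaaaaaaaaaaaaaaaaaaaaaa'",                     # generic, but entropy 0
    ]),
    ".env.example": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nAWS_SECRET_ACCESS_KEY=changeme\n",
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----\n",
    "README.md": "# Service\nRun `make deploy` to push to Heroku.\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"{f.path}:{f.line}  {f.kind:22}  {f.preview}")
```

Every hit is something to rotate, not just delete: a token that was in a downloaded snapshot stays valid until it is revoked, whether or not it is still in the current tree, so the scan is also worth running over the repository's history rather than only its head.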


Heroku has disabled its GitHub integration in response to the incident; in the meantime, apps can be deployed to Heroku from Git directly or from other version control providers such as GitLab or Bitbucket.


Continuous integration service Travis CI stated in an advisory published on Monday that it had revoked all authorization keys and tokens to prevent further access to its systems.


The company said the attackers had accessed an OAuth key used to integrate Heroku and Travis CI, but that no customer data was breached as a result.


Travis CI has repeatedly stated that the threat actors did not gain unauthorized access to any private customer repository.


To ensure that no customer data is compromised, Travis CI said it has revoked and reissued all private customer auth keys and tokens that integrate Travis CI with GitHub.
