GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. github.blog/2022-04-15-sec…
As of 9:30 PM UTC on April 18, 2022, we’ve notified victims of this campaign whom we have identified as having repository contents downloaded by an unauthorized party through abuse of third-party OAuth user tokens maintained by Heroku and Travis CI. github.blog/2022-04-15-sec…
April 22, 2022 update: As of 7:33 PM UTC on April 22, 2022, GitHub has notified victims of this campaign whom we have identified as having repository details listed using stolen OAuth app tokens, but did NOT have repository contents downloaded. github.blog/2022-04-15-sec…
As of 5:00 PM UTC on April 27, 2022: Sharing the pattern of attacker activity on GitHub; we are in the process of sending the final expected notifications to GitHub[dot]com customers who had either the Heroku or Travis CI OAuth app integrations authorized. github.blog/2022-04-15-sec…
@GitHubSecurity For anyone wondering how to check security logs, head over to - github.com/settings/secur…
@GitHubSecurity @GossiTheDog They have absorbed the culture of their new owner - Microsoft.
@GitHubSecurity #heroku #travisci could have at least sent emails regarding this, didn't even know this until checked on our own.