GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users. github.blog/2022-04-15-sec…
15
661
976
0
132
As of 5:00 PM UTC on April 27, 2022: Sharing the pattern of attacker activity on GitHub; we are in the process of sending the final expected notifications to GitHub[dot]com customers who had either the Heroku or Travis CI OAuth app integrations authorized. github.blog/2022-04-15-sec…