Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub has confirmed that hackers used stolen OAuth tokens in a cyber incident last week. GitHub also shared a timeline of the April 2022 breaches, covering when threat actors gained access and stole private repositories belonging to dozens of organizations. GitHub stated that it does not believe the attacker obtained the tokens through a compromise of its platform, as GitHub does not store the tokens in a usable format. OAuth is an open standard authorization framework or protocol for token-based authorization.

OAuth enables third-party services to use end-user account information. It does not share credentials; instead, it uses unique tokens to provide identity when applications interact with each other. Incidents in which adversaries steal OAuth tokens are somewhat common, according to cybersecurity researchers. GitHub has since revoked the token access, and the affected organizations have been advised to monitor audit logs for malicious activity.

