GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories. Since this campaign was first spotted on April ...

The attacker used stolen OAuth app tokens issued to Heroku and Travis-CI to breach GitHub.com customer accounts with authorized Heroku or Travis CI OAuth app integrations. GitHub's Chief Security ...

A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in Github. A Russian security ...

Security researchers spot new phishing campaign targeting GitHub users A fake "security alert" GitHub account was notifying users of suspicious logins The links in the notification all point to a ...

Learn More Last week, GitHub Security researchers reported that an unknown attacker is using stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organization ...

GitHub has revealed that dozens of organizations were compromised by a data thief that used stolen OAuth tokens to access their private repositories. The developer platform’s security team opened an ...

The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database. Waydev, a San Francisco-based company, runs a platform that can be used ...

Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub. "[Our investigation] revealed that ...

Aqua Security researchers added: We found thousands of GitHub OAuth tokens. It’s safe to assume that at least 10-20% of them are live. Especially those that were found in recent logs.