Attackers Breach ‘Dozens’ of GitHub Repos Using Stolen OAuth Tokens

GitHub shared the timeline of breaches in April 2022. The timeline covers when a threat actor gained access to and stole private repositories belonging to dozens of organizations.

GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.

“We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats,” said Mike Hanley, chief security officer, GitHub.

OAuth (Open Authorization) is an open-standard authorization framework, or protocol, for token-based authorization on the internet. It enables end-user account information to be used by third-party services, such as Facebook and Google.

OAuth doesn’t share credentials; instead, it uses an authorization token to prove identity and acts as an intermediary to approve one application interacting with another.

Incidents of stolen or found OAuth tokens commandeered by adversaries are not uncommon.

Microsoft suffered an OAuth flaw in December 2021, where applications (Portfolios, O365 Secure Score, and Microsoft Trust Service) were vulnerable to authentication issues that enabled attackers to take over Azure accounts. In order

Read More: https://threatpost.com/github-repos-stolen-oauth-tokens/179427/