Heroku fesses up to customer password theft due to OAuth token attack

Written by Chris Duckett, APAC Editor

Chris started his journalistic adventure in 2006 as the Editor of Builder AU after originally joining CBS as a programmer. After a Canadian sojourn, he returned in 2011 as the Editor of TechRepublic Australia, and is now the Australian Editor of ZDNet.


Heroku has explained why it emailed users with a sudden password reset warning earlier this week, and how it was due to the theft of OAuth tokens from GitHub.

“[Our investigation] revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts,” the company said in its incident notification.

“For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed. We have rotated internal Heroku credentials and put additional detections in place. We are continuing to investigate the source of the token compromise.”

The company also said the attacker first gained access on April 7, two days earlier than the earliest date of the attack that had previously been made public.

Read More: https://www.zdnet.com/article/heroku-fesses-up-to-customer-password-theft-due-to-oauth-token-attack/#ftag=RSSbaffb68