Unknown hackers have stolen GitHub and GitLab OAuth tokens from Waydev, Dave.com, and Flood.io to gain unauthorized access to their customers’ codebases. GitHub has warned a few users of malicious access to their source code via stolen OAuth tokens.
Companies and developers store their hard-won code in private GitHub or GitLab repositories, either to keep developing it later or to share it with only a few authorized users. But with an OAuth token, anyone can access those private repositories.
An OAuth token is an open-standard access token that lets a third-party service act on a user’s data on that user’s behalf. If the OAuth tokens issued by GitHub and GitLab fall into someone else’s hands, that party can view and modify the data in the linked account. Waydev, an analytics firm that tracks a software engineer’s output by analyzing their Git-based codebases, was breached earlier this month.
The breach occurred on July 3rd and let the hackers steal the OAuth tokens that Waydev had received from GitHub and GitLab with its users’ permission. The hackers later used these tokens to access the affected users’ (Waydev customers’) GitHub repositories, which contained sensitive private work.
Waydev’s co-founder and CEO, Alex Circei, told ZDNet that the hackers exploited a blind SQL injection vulnerability in Waydev, which gave them access to the database where the company stores all of its customers’ OAuth tokens. The company has since patched the hole, revoked access to accounts, and informed the relevant US authorities. It has also taken the following measures:
- Monitoring all the activity,
- Reported the incident to authorities,
- Manual access – It is now impossible to create an account without approval from our security team, and
- Tokens are reset two times a day.
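The injection path described above, as an added example that is not Waydev’s code: a token store that builds its SQL from request-controlled values beside the same lookup written with bound parameters. The table, organisation names and token strings are constructed for the demo.

```python
import sqlite3


def build_db():
    # Constructed sample data: the OAuth tokens an analytics service holds
    # on behalf of its customers, one row per organisation and provider.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tokens (org TEXT, provider TEXT, token TEXT)")
    db.executemany(
        "INSERT INTO tokens VALUES (?, ?, ?)",
        [
            ("acme", "github", "gho_EXAMPLE_acme"),
            ("acme", "gitlab", "glpat_EXAMPLE_acme"),
            ("globex", "github", "gho_EXAMPLE_globex"),
        ],
    )
    return db


def lookup_vulnerable(db, org, provider):
    # Request values pasted into the SQL text: the database cannot tell data
    # from syntax, so a crafted 'org' rewrites the WHERE clause and the
    # query answers for rows the caller was never entitled to see.
    sql = (
        f"SELECT token FROM tokens WHERE org = '{org}' "
        f"AND provider = '{provider}'"
    )
    return [row[0] for row in db.execute(sql)]


def lookup_safe(db, org, provider):
    # Bound parameters: values travel separately from the statement and are
    # always compared as literal strings, so the same input matches nothing.
    sql = "SELECT token FROM tokens WHERE org = ? AND provider = ?"
    return [row[0] for row in db.execute(sql, (org, provider))]


if __name__ == "__main__":
    db = build_db()
    crafted_org = "x' OR '1'='1"
    print(lookup_vulnerable(db, crafted_org, "github"))  # two tokens leak
    print(lookup_safe(db, crafted_org, "github"))        # []
```

Parameterisation closes the injection path, but tokens kept in plaintext are still exposed to any other read of the table, which is why short rotation (as in the twice-daily reset above) and revocation on incident limit how long a stolen token stays useful.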