An unknown attacker is using stolen OAuth user tokens to download data from private repositories on GitHub.
The attacker has already accessed and stolen data from dozens of victim organizations.
GitHub immediately took action and started notifying all the impacted users and organizations about the security breach.
TPRM report: https://scoringcyber.rankiteo.com/company/github
"id": "git102016422",
"linkid": "github",
"type": "Breach",
"date": "04/2022",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of a geographical region"
{'affected_entities': [{'customers_affected': 'Dozens of victim organizations',
'industry': 'Software Development',
'name': 'Github',
'type': 'Organization'}],
'attack_vector': 'Stolen OAuth Tokens',
'data_breach': {'data_exfiltration': 'Yes',
'type_of_data_compromised': 'Private Repository Data'},
'description': 'An unknown attacker is using stolen OAuth user tokens to '
'download data from private repositories on Github. The '
'attacker has already accessed and stolen data from dozens of '
'victim organizations. Github immediately took action and '
'started notifying all the impacted users and organizations '
'about the security breach.',
'impact': {'data_compromised': 'Private Repository Data',
'systems_affected': 'Github Private Repositories'},
'initial_access_broker': {'entry_point': 'Stolen OAuth Tokens'},
'motivation': 'Data Theft',
'response': {'communication_strategy': 'Notifying impacted users and '
'organizations',
'containment_measures': 'Notifying impacted users and '
'organizations'},
'threat_actor': 'Unknown',
'title': 'Github OAuth Token Theft Incident',
'type': 'Data Breach',
'vulnerability_exploited': 'OAuth Token Theft'}