Waydev, an analytics platform used by software companies, disclosed a security breach.
Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers' work output by analyzing Git-based codebases.
Hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.
The hackers then used some of the tokens to pivot to other companies' codebases and gain access to their source code projects.
The hackers appear to have gained access to only a small subset of Waydev's customer codebases.
TPRM report: https://scoringcyber.rankiteo.com/company/waydev
{
  "id": "way212713123",
  "linkid": "waydev",
  "type": "Breach",
  "date": "07/2020",
  "severity": "50",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Technology',
                        'location': 'San Francisco',
                        'name': 'Waydev',
                        'type': 'Software Analytics Platform'}],
 'attack_vector': 'Internal Database',
 'data_breach': {'type_of_data_compromised': ['OAuth Tokens',
                                              'Source Code Projects']},
 'description': "Hackers broke into Waydev's platform and stole GitHub and "
                'GitLab OAuth tokens from its internal database. The hackers '
                "then used some of the tokens to pivot to other companies' "
                'codebases and gain access to their source code projects.',
 'impact': {'data_compromised': ['GitHub and GitLab OAuth Tokens',
                                 'Source Code Projects'],
            'systems_affected': ['Internal Database', 'Customer Codebases']},
 'motivation': 'Unauthorized Access to Source Code',
 'threat_actor': 'Unknown Hackers',
 'title': 'Waydev Security Breach',
 'type': 'Data Breach',
 'vulnerability_exploited': 'OAuth Tokens'}