Follow
RT GitHub Security
GitHub has been actively investigating the attack campaign around stolen OAuth tokens, of which @npmjs was a victim organization. Today we’re sharing our final impact analysis for npm as well as additional findings.
GitHub Security: GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users.
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
https://twitter.com/GitHubSecurity/status/1530080447992107008
