Follow
RT GitHub Security
GitHub has uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI. Read more about the impact to GitHub, npm, and our users.
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
https://twitter.com/GitHubSecurity/status/1515101093419646976
