Blog
Category

Stolen OAuth tokens used to exfiltrate private data

By
Niranjan Maharajh
May 13, 2022
2
min read
Share this post

GitHub reported that threat actors used stolen OAuth user tokens to exfiltrate private data from several organizations. Threat actors abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm.

The threat actors allegedly obtained the AWS API key by downloading a set of unspecified private NPM repositories using the stolen OAuth token from one of the two affected OAuth applications. GitHub revoked the access tokens associated with the affected apps.

Threat actors may are harvesting sensitive data from private repositories using stolen OAuth token, known-affected OAuth applications as of April 15 are:

  • Heroku Dashboard (ID: 145909)
  • Heroku Dashboard (ID: 628778)
  • Heroku Dashboard – Preview (ID: 313468)
  • Heroku Dashboard – Classic (ID: 363831)
  • Travis CI (ID: 9216)

Read more here.

Share this post
Niranjan Maharajh

Similar articles

Post-Market Surveillance

Dutch Regulators on Post-Market Surveillance Compliance Issues

The Dutch Health and Youth Care Inspectorate (IGJ) recently conducted inspections of 13 medical device manufacturers based in the Netherlands and found that none fully complied with the Post-Market Surveillance (PMS) requirements outlined in the European Medical Devices Regulation (MDR) and In Vitro Diagnostic Medical Devices Regulation (IVDR).
Niranjan Maharajh
February 16, 2025
15
min read
Post-Market Surveillance

Medical Device Safety: The Rise of Active Postmarket Surveillance

Learn how the FDA is using real-world data to proactively monitor device safety and what it means for patients, providers, and manufacturers.
Irina Smith
January 12, 2025
10
min read
Post-Market Surveillance

Ultra-stealthy Linux backdoor gives remote access to any account

A previously undetectable Linux backdoor combines high levels of access with the ability to scrub any indication of infection from the file system, system activities, and network traffic. It was initially discovered in November and is known as Symbiote.
Niranjan Maharajh
April 1, 2024
1
min read
Post-Market Surveillance

Stolen OAuth tokens used to exfiltrate private data

Stolen OAuth tokens used to exfiltrate private data
Niranjan Maharajh
April 1, 2024
2
min read
View all

Try the Professional Plan Free for 2 Weeks!

Explore all features of PMM for 2 weeks to see how it can simplify your post-market surveillance. If you cancel before the trial ends, your credit card will not be charged

Let's get started

Contact:
support@postmarketmonitor.com
Book a demoBlogPricingContact
Sign InSign Up
Privacy PolicyTerms of Service