Jonkman Microblog
Conversation

  1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Saturday, 16-Apr-2022 22:01:23 EDT
    Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators The GitHub Blog
    https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/

    >On April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the impact to GitHub, npm, and our users.
    >...
    In conversation Saturday, 16-Apr-2022 22:01:23 EDT from nu.federati.net permalink

    Attachments

    1. Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
      By Mike Hanley from The GitHub Blog
    1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 16-Apr-2022 22:14:48 EDT
      Oh sh*t.

      The one good thing is that they can revoke the OAuth tokens and immediately stop the cybercriminals' access to more data. The data that has already been exfiltrated can't be pulled back, however.
      In conversation Saturday, 16-Apr-2022 22:14:48 EDT from nu.federati.net permalink
      1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Saturday, 16-Apr-2022 23:50:36 EDT
        I can understand if they somehow obtained one account's OAuth token(s), but multiple? Is the vulnerability in Heroku and Travis-CI, or is it in GitHub itself?

        Or were those organizations just careless about the equivalent of a randomly generated very long per-app password?
        In conversation Saturday, 16-Apr-2022 23:50:36 EDT from nu.federati.net permalink
        1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Sunday, 17-Apr-2022 07:44:11 EDT
          @lnxw48a1
          Heroku Help
          https://help.heroku.com/

          >Heroku Security Notification
          >9 hours ago
          >
          >Subject: Heroku Security Update: OAuth token revoked
          >
          >At 5:00 p.m. PT on April 16, 2022, Salesforce completed the revocation of all OAuth tokens from the Heroku Dashboard GitHub integration. As mentioned previously, this will prevent you from deploying your apps from GitHub through the Heroku dashboard or via Heroku automation, and some other actions in the dashboard will no longer work. While you will be unable to reconnect to GitHub via the Heroku dashboard, you may continue to use other code deployment methods available in the following documentation:

          Nothing from Travis-CI.
          In conversation Sunday, 17-Apr-2022 07:44:11 EDT from nu.federati.net permalink
          1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Sunday, 17-Apr-2022 09:14:55 EDT
            #TIL: #Salesforce owns #Heroku https://techcrunch.com/2010/12/08/breaking-salesforce-buys-heroku-for-212-million-in-cash/
            In conversation Sunday, 17-Apr-2022 09:14:55 EDT from nu.federati.net permalink

            Attachments

            1. Salesforce.com Buys Heroku For $212 Million In Cash
              By Robin Wauters from TechCrunch
              Salesforce.com has just announced that it is acquiring Heroku, which provides a Ruby application platform-as-a-service, for approximately $212 million in cash. That's one hell of an exit for the startup, which was founded in 2007 and has raised only $13 million in funding.
Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.