Your Web News in One Place

An Interest In:

Web News this Week

Search Archive

Some of Our Sources

View All Sources

Help Webnuz

Referal links:

Sign up for GreenGeeks web hosting
July 27, 2020 07:23 pm

Hackers Stole GitHub and GitLab OAuth Tokens From Git Analytics Firm Waydev

Waydev, an analytics platform used by software companies, has disclosed a security breach that occurred earlier this month. From a report: The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database. Waydev, a San Francisco-based company, runs a platform that can be used to track software engineers' work output by analyzing Git-based codebases. To do this, Waydev runs a special app listed on the GitHub and GitLab app stores. When users install the app, Waydev receives an OAuth token that it can use to access its customers' GitHub or GitLab projects. Waydev stores this token in its database and uses it on a daily basis to generate analytical reports for its customers. Waydev CEO and co-founder Alex Circei told ZDNet today in a phone call that hackers used a blind SQL injection vulnerability to gain access to its database, from where they stole GitHub and GitLab OAuth tokens. The hackers then used some of these tokens to pivot to other companies' codebases and gain access to their source code projects.

Read more of this story at Slashdot.


Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/2BsodH97Q4U/hackers-stole-github-and-gitlab-oauth-tokens-from-git-analytics-firm-waydev

Share this article:    Share on Facebook
View Full Article

Slashdot

Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..

More About this Source Visit Slashdot