GitHub suffered a third-party breach after a malicious threat actor was discovered smuggling data out of the repository using stolen OAuth tokens.
OAuth tokens are a standard method for automating cloud services, such as code repositories and DevOps pipelines, explains Ray Kelly, Fellow at NTT Application Security. “These tokens are considered secrets for a good reason and are often ‘masked’ with stars or not shown at all to help protect connected business services.”