Skip to content

Nearly 100,000 NPM Users’ Credentials Stolen in GitHub OAuth Breach

Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.
“Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure

Source:: The Hackers News