Cloud-based repository hosting service GitHub on Friday shared additional details into the theft of GitHub integration OAuth tokens last month, noting that the attacker was able to access internal NPM data and its customer information.
“Using stolen OAuth user tokens originating from two third-party integrators, Heroku and Travis CI, the attacker was able to escalate access to NPM infrastructure

By admin