Over the holiday weekend, Slack, the popular messaging app vendor, was notified of a breach of its GitHub account. Its investigation determined that stolen Slack employee tokens had been used to gain access to private Slack code repositories. Fortunately, no customer data was compromised.
Sound familiar? In the past year there has been a spike in the number of attacks targeting GitHub customers. We wrote a blog post in April of last year about a breach in which attackers stole OAuth user tokens issued to two third-party vendors, Heroku and Travis-CI, and used them to download private repositories from dozens of GitHub customers, including GitHub itself. Add to that Okta disclosing that its code repositories were hacked, the 130 Dropbox GitHub repositories that were stolen, and many more security alerts, such as the recent phishing campaign disclosed by GitHub.
It is not surprising that these breaches occur given how ubiquitous GitHub is among software developers. As organizations move to the cloud and adopt SaaS applications such as GitHub, the shared responsibility model requires them to continuously ensure that proper security controls are enforced to protect their data. More users within the organization now hold administrative and other sensitive privileges, and security teams need to collaborate closely with them to implement security best practices.
To strengthen your GitHub security posture, it is recommended that you:
- Enforce strong authentication with SAML SSO, MFA and password policies
- Reduce the number of publicly exposed GitHub source code repositories
- Eliminate unnecessary SSH keys, OAuth Apps, GitHub Apps and Personal Access Tokens (PATs)
- Enforce least privilege for human and non-human identities
- Manage external access by contractors and by third-party integrations that use API access
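Most of the items above can be checked against the GitHub REST API rather than by hand. The script below is an added example written for this post, not code from the post's author or from any vendor. It runs offline against a constructed snapshot whose entries are shaped like the responses of `GET /orgs/{org}/members?filter=2fa_disabled`, `GET /orgs/{org}/repos?type=public`, `GET /repos/{owner}/{repo}/keys` and `GET /orgs/{org}/credential-authorizations` (the last is only available to organizations that enforce SAML SSO); the logins, repository names, key titles and timestamps are sample data, and the 90-day staleness window and the set of "broad" scopes are assumptions you should tune to your own policy.

```python
"""Offline audit of a GitHub organization posture snapshot.

Every entry in SNAPSHOT is constructed sample data shaped like the
GitHub REST API response named in the comment above it. None of it
comes from a real organization.
"""
from datetime import datetime, timedelta, timezone

NOW = datetime(2023, 1, 9, tzinfo=timezone.utc)  # fixed "now" so the run is reproducible
STALE_DAYS = 90                                   # assumed policy: unused for 90 days = stale
# Assumed policy: scopes that grant org-wide or write access make a PAT "broad".
BROAD_SCOPES = {"repo", "admin:org", "write:org", "admin:org_hook", "delete_repo", "workflow"}

SNAPSHOT = {
    # GET /orgs/{org}/members?filter=2fa_disabled
    "members_2fa_disabled": [{"login": "contractor-a"}, {"login": "svc-build"}],
    # GET /orgs/{org}/repos?type=public
    "public_repos": [{"name": "docs-site"}, {"name": "infra-scripts"}],
    # GET /repos/{org}/{repo}/keys, grouped by repository name
    "deploy_keys": {
        "infra-scripts": [
            {"id": 11, "title": "ci-deploy", "read_only": True, "created_at": "2022-11-01T00:00:00Z"},
            {"id": 12, "title": "laptop-old", "read_only": False, "created_at": "2021-03-15T00:00:00Z"},
        ],
    },
    # GET /orgs/{org}/credential-authorizations (PATs and SSH keys authorized for SAML SSO)
    "credential_authorizations": [
        {"login": "alice", "credential_id": 1, "credential_type": "personal access token",
         "scopes": ["repo", "read:org"], "authorized_credential_expires_at": None,
         "credential_accessed_at": "2023-01-08T12:00:00Z"},
        {"login": "bob", "credential_id": 2, "credential_type": "ssh key", "scopes": [],
         "authorized_credential_expires_at": None,
         "credential_accessed_at": "2022-06-01T12:00:00Z"},
        {"login": "carol", "credential_id": 3, "credential_type": "personal access token",
         "scopes": ["read:user"], "authorized_credential_expires_at": "2023-03-01T00:00:00Z",
         "credential_accessed_at": None},
    ],
}


def _parse(ts):
    """Parse an API timestamp ('Z' suffix) into an aware datetime; None stays None."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def audit(snapshot, now=NOW, stale_days=STALE_DAYS):
    """Return a list of (severity, subject, message) findings for the snapshot."""
    findings = []
    # Strong authentication: every org member should have 2FA enabled.
    for m in snapshot["members_2fa_disabled"]:
        findings.append(("high", m["login"], "org member without 2FA"))
    # Public exposure: each public repository needs an explicit justification.
    for r in snapshot["public_repos"]:
        findings.append(("medium", r["name"], "repository is public; confirm this is intended"))
    # Least privilege for non-human identities: deploy keys should be read-only.
    for repo, keys in snapshot["deploy_keys"].items():
        for k in keys:
            if not k["read_only"]:
                findings.append(("high", f"{repo}/deploy-key:{k['id']}",
                                 f"writable deploy key '{k['title']}'"))
    # Unnecessary credentials: unused PATs/SSH keys, and broad PATs that never expire.
    cutoff = now - timedelta(days=stale_days)
    for c in snapshot["credential_authorizations"]:
        subject = f"{c['login']}/{c['credential_type']}:{c['credential_id']}"
        last = _parse(c.get("credential_accessed_at"))
        if last is None or last < cutoff:
            findings.append(("medium", subject, f"not used in {stale_days} days; revoke if unneeded"))
        broad = BROAD_SCOPES.intersection(c.get("scopes") or [])
        if broad and not c.get("authorized_credential_expires_at"):
            findings.append(("high", subject, f"non-expiring token with broad scopes {sorted(broad)}"))
    return findings


def summarize(findings):
    """Count findings per severity level."""
    counts = {}
    for sev, _, _ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, subject, msg in sorted(audit(SNAPSHOT)):
        print(f"[{sev:6}] {subject}: {msg}")
    print(summarize(audit(SNAPSHOT)))
```

To run this against a real organization, replace each SNAPSHOT entry with the paginated output of the corresponding endpoint (for example `gh api --paginate "orgs/ORG/members?filter=2fa_disabled"`, which requires an org owner token); the checks themselves do not change. A writable deploy key or a non-expiring PAT with `repo` scope is exactly the kind of credential that, once stolen, gives an attacker the private-repository access seen in the Slack incident.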
GitHub is not the only SaaS application targeted by malicious actors. To avoid being caught up in the next breach, it is recommended to implement a SaaS security platform that monitors your SaaS mesh and helps with SaaS security posture management (SSPM), SaaS-to-SaaS governance, data protection and identity security.