GitHub Accounts Breached…Again

Yoni Shohet
January 6, 2023
Time icon
xxx
min read
Share
GitHub Accounts Breached…Again

Over the holiday weekend, the popular messaging app vendor Slack was notified of a breach of their GitHub account. Upon investigation it was determined that stolen Slack employee tokens had been used to gain access to private Slack code repositories. Fortunately, no customer data was compromised.

Sound familiar? In the past year, there has been a spike in the number of attacks targeting GitHub customers. We wrote a blog post in April of last year about a breach where attackers had stolen OAuth user tokens issued to third-party vendors, Heroku and Travis-CI which were then used to download private data repositories from dozens of GitHub customers, including GitHub itself. And this adds to Okta disclosing it’s code repositories were hacked, 130 Dropbox GitHub repositories that were stolen, and many more security alerts such as the recent phishing campaign disclosed by GitHub.

It is not surprising that these types of breaches occur given the ubiquity of GitHub use by software developers. As organizations are moving to the cloud and utilizing SaaS applications such as GitHub, the shared responsibility model requires them to continuously ensure proper security controls are enforced to protect their data. More users within the organization have administrative and sensitive privileges and security teams need to ensure they properly collaborate with them to implement security best practices.

To strengthen your GitHub security posture, it’s recommended to ensure:

  • Strong authentication with SAML, MFA or password policies
  • Reduce exposed publicly exposed GitHub source code repositories
  • Eliminate unnecessary SSH keys, OAuth Apps, GitHub Apps and Personal Access Tokens (PATs)
  • Enforce least privilege for human and non-human identities
  • Manage external access by contractors and third-party integrations using API access

GitHub is not the only SaaS application that has been targeted by malicious actors and to ensure you’re not caught up in the next breach, it’s recommended to implement a SaaS security platform that will monitor your SaaS mesh and help with SaaS security posture management (SSPM), SaaS-to-SaaS governance, data protection and security identities.

Latest Blogs

Top Security Recommendations for SaaS Applications

Top Security Recommendations for SaaS Applications

Secure SaaS to SaaS Supply chain Today | Valence security
Read more
Cloudflare Hacked Following Okta Compromise

Cloudflare Hacked Following Okta Compromise

Secure SaaS to SaaS Supply chain Today | Valence security
Read more
Empowering SaaS Incident Response with Valence and Microsoft Sentinel

Empowering SaaS Incident Response with Valence and Microsoft Sentinel

Secure SaaS to SaaS Supply chain Today | Valence security
Read more
Valence Security: Collaboratively remediate your SaaS security risks.
611 Gateway Blvd Ste 120, South San Francisco, CA 94080
Platform
Business User Engagement
SaaS Risk Remediation
SaaS Risk Management
Resources
SSPM
SaaS Breach Guide
SaaS Security Glossary
Company
Careers
Events
Trust Center
Latest News
Awards
Contact Us
info@valencesecurity.com
Login
Valence Linkedin profileValence Facebook profile
Schedule a Demo
Schedule a Demo
Copyright © 2024 Valence Security | All rights Reserved | Privacy Policy | Terms of Use |
SaaS to SaaS Supply chain security | Valence security-Close
Free SaaS Security Risk Assessment

Our SaaS Security experts will help you identify risks and recommend actions to secure your SaaS now.

Request Assessment