News

GitHub has shared a timeline of this month's security breach, in which a threat actor gained access to and stole private repositories belonging to dozens of organizations.
The GitHub OAuth attack exposed a security blind spot in the ever-growing web of permissions spanning developers, service ...
Salesforce said that, once notified by GitHub last Wednesday, it disabled the compromised OAuth tokens and the account that they came from.
GitHub revealed today that an attacker is using stolen OAuth user tokens (issued to Heroku and Travis-CI) to download data from private repositories.
GitHub revealed details tied to last week’s incident where hackers, using stolen OAuth tokens, downloaded data from private repositories.
A Russian researcher was able to take five low severity OAuth bugs and string them together to create what he calls a “simple but high severity exploit” in GitHub.
GitHub employees also advised users to take appropriate security measures: Do not click on any links or respond to these emails. Never log in through unknown OAuth applications, as they can expose ...
An attacker who used stolen OAuth open standard authentication tokens from Heroku and Travis-CI was able to download private repositories and source code ahead of the Easter holidays.