Another database compromise reported in GitHub, Heroku, OAuth tokens case

In a Thursday update to the stolen GitHub integration OAuth tokens case reported last month, Salesforce-owned Heroku said the company’s investigation found that the same compromised token that was used in April’s attack was used to gain access to a database and exfiltrate the hashed and salted passwords of customer user accounts.

Credential management of the OAuth tokens was a big driver in this attack, and it’s coincidentally a part of the security recommendations from both GitHub and Heroku, said Corey O’Connor, director of products at DoControl. O’Connor said that, in regard to the supply chain attack itself, beyond credential management, it would help to have better visibility across OAuth applications to understand which applications are installed, including all sanctioned and unsanctioned apps.

“Event correlation, and extracting the business-context of all activity helps determine what is normal versus what presents risk,” O’Connor said. “Security teams also need to leverage that context and implement automated remediation to help aid in the prevention of unauthorized access to critical systems and applications.”
