Attacker Accessed Dozens Of Repositories After OAuth Token Theft

By   ISBuzz Team
Writer , Information Security Buzz | Apr 21, 2022 11:23 am PST

Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Yaniv Balmas
Yaniv Balmas , VP of Research
April 21, 2022 7:23 pm

To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another way to gain unauthorized access.

Last edited 1 year ago by Yaniv Balmas

Recent Posts

Would love your thoughts, please comment.x