Attacker Accessed Dozens Of Repositories After OAuth Token Theft

Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Yaniv Balmas
Yaniv Balmas , VP of Research
InfoSec Expert
April 21, 2022 7:23 pm

To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another way to gain unauthorized access.

Last edited 7 months ago by Yaniv Balmas
1
0
Would love your thoughts, please comment.x
()
x