Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.
To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another way to gain unauthorized access.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics