Attacker Accessed Dozens Of Repositories After OAuth Token Theft

Following the news that Attacker Accessed Dozens of Repositories After OAuth Token Theft, cyber security experts reacted below.

Experts Comments

April 21, 2022
Yaniv Balmas
VP of Research
Salt Security

To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another

.....Read More

To avoid this type of a security incident, organizations should be sure that they do not rely solely on APIs as their authentication material. In addition, unsecured API keys should not be left exposed in cloud storage or code repos like Git. With access to these credentials, attackers can gain unauthorized access to an API as a legitimate user or admin. Also, organizations should never hardcode API keys or other credentials into their applications or devices, which gives attackers yet another way to gain unauthorized access.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.