From darkreading.com
![The front entrance of Salesforce Tower in New York, with cartoon figures of a pair of bears waving at the door](https://eu-images.contentstack.com/v3/assets/blt66983808af36a8ef/bltab918d7bd08690e9/63332a2edc43e645478e71e5/salesforcenyc-Robert_K_Chin_-_Storefronts-alamy.jpg?quality=80&format=jpg&width=690)
No one likes to hear the B-word: breach. Developers definitely don’t want to hear that word in relation to a platform they use day in and day out.
When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS): Heroku and Travis CI.
Attackers had stolen OAuth tokens issued to Heroku and Travis CI and used them to access and download the contents of private repositories, GitHub found.