Lessons From the GitHub Cybersecurity Breach

From darkreading.com

No one likes to hear the B-word: breach. Developers definitely don’t want to hear that word in relation to a platform they use day in and day out.

When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS): Heroku and Travis CI.

Attackers had stolen OAuth tokens issued to Heroku and Travis CI and used them to access and download the contents of private repositories, GitHub found.
