Home Content News South Korean Police Uncover Major GitHub Token Leak

South Korean Police Uncover Major GitHub Token Leak

0
2
GitHub
GitHub

A large-scale GitHub token leak affecting more than 500 accounts has exposed new risks to the open-source software supply chain, prompting South Korean police to warn developers and organisations to secure compromised credentials immediately.

A large-scale leak of GitHub Personal Access Tokens (PATs) has exposed a growing security threat to the global open-source software supply chain, after South Korean police detected more than 500 compromised GitHub account credentials. GitHub, the world’s largest open-source software development platform, hosts millions of projects relied upon across the software industry.

Authorities have confirmed 370 affected accounts belonging to users in 54 countries, while more than 200 additional accounts are yet to be identified. The leaked authentication tokens could allow attackers to access repositories, compromise software development environments, steal source code, corporate secrets and personal information, and infiltrate critical systems through developer credentials.

The investigation began after police discovered that a suspect in an unrelated cybercrime case possessed another person’s GitHub token. The National Police Agency subsequently notified Microsoft, GitHub’s operator, shared the findings with Interpol, alerted affected organisations and issued a nationwide security advisory. More than 30 affected accounts belong to South Korean users, while investigators continue to determine whether the leaked credentials have already been exploited.

“We recently confirmed a large-scale leak of ‘personal access tokens,’ which are authentication credentials for accessing Github,” said the National Police Agency National Office of Investigation. “We are distributing a security advisory that includes urgent security measures and recommendations to prevent further damage.”

Park Woo-hyun, National Police Agency Cyber Investigation Deliberation Officer, said, “This case reveals that attackers are targeting not only corporate information networks but also development infrastructures, making swift security measures by companies and individual developers absolutely necessary.” He added, “We urge immediate reporting if any criminal damage or suspicious signs are detected.”

LEAVE A REPLY

Please enter your comment!
Please enter your name here