Police investigate mass leak of GitHub access tokens

Over 500 accounts believed to be affected as police issue security advisory

South Korea’s national police said Tuesday they had launched an investigation after confirming that a large number of personal access tokens that could be used to access private GitHub repositories had been exposed.

GitHub, a Microsoft-owned software development platform, allows companies and developers to store, manage and share source code. Personal access tokens, or PATs, are credentials used to authenticate users and grant access to repositories and other resources.

More than 500 accounts are believed to have been affected, according to local daily Chosun Ilbo.

Police warned that attackers could use the exposed tokens to obtain source code or internal information related to critical systems. Such information could then be used in further attacks or to steal personal data and confidential business information.

The National Office of Investigation at the National Police Agency issued a security advisory outlining urgent measures to prevent further damage.

Police also notified Microsoft, Interpol and companies whose accounts were affected, recommending that they take additional security measures.

Individuals and companies were advised to review access logs for suspicious activity over the past three months. Those who detect signs of unauthorized access should immediately revoke the exposed tokens and generate new ones, police said.

The advisory also recommended enabling two-factor authentication, limiting access privileges, avoiding the storage of credentials in source code, activating secret-scanning features and using IP allow-lists.

Police urged companies to conduct security checks on computers used by developers.

GitHub said it had revoked the exposed tokens and alerted affected users.

“This is a case in which attackers targeted not only corporate information and communications networks but also development infrastructure,” said Park Woo-hyun, a senior cyber investigation official at the NPA.

“We ask companies to report the matter immediately if they have suffered damage or detect any signs of a possible breach.”

  • Related Posts

    First lady meets Princess Anne, expresses hopes for cooperation on protection of children

    First lady Kim Hea Kyung met Britain’s Princess Anne on Wednesday and expressed hope for close cooperation between the two countries on the protection of children. Kim and Princess Anne…

    Lee says state's No. 1 duty is to safeguard people's lives

    President Lee Jae Myung said Wednesday that the state’s primary duty is to safeguard the safety and lives of the people, pledging that the government would do its utmost to…

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    You Missed

    Major umbrella union holds massive rally over subcontractor bargaining rights

    Major umbrella union holds massive rally over subcontractor bargaining rights

    Watch: Kim Hye Joon Has Her Boss Kang Hoon And Her Bias Cha Woo Min Falling For Her In “My Bias, My Boss”

    Watch: Kim Hye Joon Has Her Boss Kang Hoon And Her Bias Cha Woo Min Falling For Her In “My Bias, My Boss”

    Watch: AHOF Takes 1st Win For “RUN TO YOU” On “Show Champion”; Performances By RESCENE, VAYONN, And More

    Watch: AHOF Takes 1st Win For “RUN TO YOU” On “Show Champion”; Performances By RESCENE, VAYONN, And More

    First lady meets Princess Anne, expresses hopes for cooperation on protection of children

    First lady meets Princess Anne, expresses hopes for cooperation on protection of children

    Ateez stays on Billboard 200 for second consecutive week

    Ateez stays on Billboard 200 for second consecutive week

    Lee says state's No. 1 duty is to safeguard people's lives

    Lee says state's No. 1 duty is to safeguard people's lives