Ad End 1 August 2026
Ad End 4 july 2026
ad End 17 June 2026
ad End 25 July 2026
banner Expire 27 September 2026
adv exp at 20 April 2026
banner Expire 25 July 2025
Ads end 31 October 2026
What's new
Ad expires at 9 July 2026
Ads end 31 October 2026
Wizard's shop 2.0
RonalClub cc shop
Patrick Stash
Luki Crown
best shop
best shop

Hackers stole OAuth tokens from Waydev for GitHub and GitLab

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
8,081
Reaction score
1,053
Points
212
Awards
2
  • trusted user
  • Rich User
The attackers exploited a SQL injection vulnerability to gain access to the company's database.




Cybercriminals hacked the Waydev analytics platform used by software companies and stole OAuth tokens for GitHub and GitLab from the internal database.

American company Waydev operates a platform for tracking software development processes by analyzing Git-based codebases. To do this, Waydev launched a special application, after installing which the company receives an OAuth token for accessing projects of GitHub or GitLab clients. Waydev stores this token in its database and uses it daily to generate analytical reports.

Waydev CEO Alex Circei told ZDNet that the attackers exploited a hidden SQL injection vulnerability to gain access to the database, from where they stole OAuth tokens for GitHub and GitLab. With the help of tokens, criminals gained access to the code bases of other companies and the source code of their projects.

Experts released a fix for the vulnerability immediately after discovery on the same day. Together with GitHub and GitLab, they shut down the app, revoked all stolen OAuth tokens, and created new OAuth apps, denying hackers access to Waydev's GitHub and GitLab customer accounts.

Developers of financial app Dave.com and software testing service Flood.io have already reported the hack this month and blamed Waydev for the incidents.
 
Ad End 1 November 2024
Top