Thursday, 8 December 2022

New top story on Hacker News: Tell HN: Travis CI is seemingly compromised (once again)

Tell HN: Travis CI is seemingly compromised (once again)
3 by spondyl | 0 comments on Hacker News.
A number of Travis CI users appear to have had Travis CI tokens revoked by Github in response to suspicious activity surrounding token. Travis themselves have still not issued any notice or acknowledged this incident so it's worth letting the community know if they weren't already aware. From memory, this will be the second breach in 2022 (https://ift.tt/GfEt0H2) in addition to last year's secret exposure (https://ift.tt/etnC6U8) --- A sampling of users on Twitter who have run into this issue: https://twitter.com/peter_szilagyi/status/1600593274108055559 https://twitter.com/yaqwsx_cz/status/1600599797118996491 https://twitter.com/samonchain/status/1600611567606775808 https://twitter.com/dzarda_cz/status/1600613369408634886 https://twitter.com/samonchain/status/1600611567606775808 --- An example notice being sent out by Github (in lieu of Travis themselves taking any action): > Hi {username} > We're writing to let you know that we observed suspicious activity that suggests a threat actor used a Personal Access Token (PAT) associated with your account to access private repository metadata. > Out of an abundance of caution, we reset your account password and revoked all of your Personal Access Tokens (classic), OAuth App tokens, and GitHub App tokens to protect your account, {username}.

No comments:

Post a Comment