Github Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI.
“Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications,” the