Hackers stole OAuth tokens from Waydev for GitHub and GitLab


The attackers exploited a SQL injection vulnerability to gain access to the company’s database.

Cybercriminals hacked the Waydev analytics platform used by software companies and stole OAuth tokens for GitHub and GitLab from the internal database.

American company Waydev operates a platform that tracks software development processes by analyzing Git-based codebases. To do this, Waydev launched a special application; once a client installs it, the company receives an OAuth token for accessing that client's GitHub or GitLab projects. Waydev stores this token in its database and uses it daily to generate analytical reports.

Waydev CEO Alex Circei told ZDNet that the attackers exploited a hidden SQL injection vulnerability to gain access to the database, from which they stole OAuth tokens for GitHub and GitLab. With the help of the tokens, the criminals gained access to the code bases of other companies and the source code of their projects.
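The article does not describe Waydev's actual query or schema, so the following is an added illustration, not code from Waydev or from the original report. It uses a constructed SQLite schema in which report data and OAuth tokens share one database, and shows why a string-built query exposes the token table while a bound parameter does not; all table, function and token names are hypothetical.

```python
import sqlite3

def build_db():
    """Constructed in-memory schema: reports and OAuth tokens in one database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE reports (project TEXT, summary TEXT);
        CREATE TABLE oauth_tokens (customer TEXT, provider TEXT, token TEXT);
        INSERT INTO reports VALUES ('acme/api', '42 commits this week');
        INSERT INTO oauth_tokens VALUES ('acme', 'github', 'EXAMPLE-TOKEN-NOT-REAL');
    """)
    return conn

def reports_unsafe(conn, project):
    # Vulnerable: the request value is pasted into the SQL text, so it can
    # change the statement's structure and reach other tables.
    sql = f"SELECT project, summary FROM reports WHERE project = '{project}'"
    return conn.execute(sql).fetchall()

def reports_safe(conn, project):
    # Hardened: the value is bound as data; the statement text never changes.
    sql = "SELECT project, summary FROM reports WHERE project = ?"
    return conn.execute(sql, (project,)).fetchall()

# Constructed input (textbook UNION form) used to compare the two functions.
CRAFTED = "x' UNION SELECT customer, token FROM oauth_tokens --"

def demo():
    conn = build_db()
    return {
        "unsafe_normal": reports_unsafe(conn, "acme/api"),
        "unsafe_crafted": reports_unsafe(conn, CRAFTED),  # returns token rows
        "safe_normal": reports_safe(conn, "acme/api"),
        "safe_crafted": reports_safe(conn, CRAFTED),      # no matching project
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

The unsafe lookup returns a row from `oauth_tokens` for the crafted value, while the parameterized lookup treats the same value as a project name that matches nothing.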

Experts released a fix for the vulnerability on the same day it was discovered. Together with GitHub and GitLab, they shut down the app, revoked all stolen OAuth tokens, and created new OAuth apps, denying the hackers access to the GitHub and GitLab accounts of Waydev's customers.

Developers of financial app Dave.com and software testing service Flood.io have already reported the hack this month and blamed Waydev for the incidents.
