An attacker accidentally used an authentication key included in Sourcegraph’s public code and gained administrative privileges. As a result of the attack, data on the servers were exposed, including license keys for paying users, the names and email addresses of license key holders. Email addresses of non-paying users were exposed. Fortunately, closed codes, passwords and other sensitive data remained inaccessible.
The hacker asked users to create Sourcegraph accounts, generate access tokens and elevate their privileges. This has resulted in an increase in calls to the Sourcegraph API, which is often limited to free accounts. The hack was discovered on August 30, which resulted in access being revoked and an internal investigation carried out.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
