A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.

Build artifacts generated by GitHub Actions often contain access tokens that can be abused by attackers to push malicious code into projects or compromise cloud infrastructure.

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk.

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories.

Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub.

GitHub began the investigation into the stolen tokens on April 12, when the GitHub Security first identified unauthorized access to the NPM (Node Package Management) production infrastructure ...

Heroku to begin user password reset almost a month after GitHub OAuth token theft Heroku users urged to change password now before company does so, and notes it will wipe out all API access tokens.

Developers from hundreds of companies have included access tokens for their Slack accounts in public projects on GitHub, putting their teams' internal chats and other data at risk.