Heroku Forces User Password Resets Following GitHub OAuth Token Theft,
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database.
The company, in an updated notification, revealed that a compromised token was abused to breach the database and « exfiltrate the hashed and salted passwords for customers’ user accounts. »
As a consequence, Salesforce
The company, in an updated notification, revealed that a compromised token was abused to breach the database and « exfiltrate the hashed and salted passwords for customers’ user accounts. »
As a consequence, Salesforce
,
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database.
The company, in an updated notification, revealed that a compromised token was abused to breach the database and « exfiltrate the hashed and salted passwords for customers’ user accounts. »
As a consequence, Salesforce
The company, in an updated notification, revealed that a compromised token was abused to breach the database and « exfiltrate the hashed and salted passwords for customers’ user accounts. »
As a consequence, Salesforce
, ,
https://thehackernews.com/2022/05/heroku-forces-user-password-resets.html