SecuritySecurity alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integratorsOn April 12, GitHub Security began an investigation that uncovered evidence that an attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including npm. Read on to learn more about the im
![Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators](https://cdn-ak-scissors.b.st-hatena.com/image/square/e682276a2eda6e3961c1361c95cc7f8e5ebec54f/height=288;version=1;width=512/https%3A%2F%2Fgithub.blog%2Fwp-content%2Fuploads%2F2022%2F04%2FEngineering-Security%402x.png%3Ffit%3D2400%252C1260)