undefined | Better HN

0 pointsjeremyjh3y ago0 comments

They didn’t say that happened. I’m reading it as their DB was compromised and it’s contents included GH auth tokens.

0 comments

How do you read this as the database had tokens in it?

> Separately, our investigation also revealed that the same compromised token was leveraged to gain access to a database...

EDIT: Ah yep you're right. Two tokens in play there: one Heroku API token, one GitHub token. Phew.

j / k navigate · click thread line to collapse

0 pointsjeremyjh3y ago0 comments

They didn’t say that happened. I’m reading it as their DB was compromised and it’s contents included GH auth tokens.

How do you read this as the database had tokens in it?

> Separately, our investigation also revealed that the same compromised token was leveraged to gain access to a database...

EDIT: Ah yep you're right. Two tokens in play there: one Heroku API token, one GitHub token. Phew.

j / k navigate · click thread line to collapse