GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to download data from private repositories belonging to npm and other orgs (Sergiu Gatlan/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
GitHub says an attacker used stolen OAuth user tokens issued to Heroku and Travis-CI to download data from private repositories belonging to npm and other orgs  —  GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories.