Heroku hackers got account passwords via OAuth token theft

By on
Heroku hackers got account passwords via OAuth token theft

Hashed and salted user passwords exfiltrated.

Salesforce platform-as-a-service provider Heroku has revealed that the April hack, which saw OAuth tokens for Microsoft Github integration downloaded by a threat actor, went further than initally thought, with customer passwords exfiltrated as well.

Heroku this week forced resets for user passwords, and also disabled application programming interface (API) access tokens, but at the time did not say why.

The password reset was thought to be brought on by the early April hack, and Heroku has now said this is the case.

"Separately, our investigation also revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts," Heroku said.

"For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed.

"We have rotated internal Heroku credentials and put additional detections in place," the PaaS provider added.

At the time of writing, the threat actor behind the compromise is not known, but Heroku said its investigation continues.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?