Heroku hackers got account passwords via OAuth token theft

By

Hashed and salted user passwords exfiltrated.

Salesforce platform-as-a-service provider Heroku has revealed that the April hack, which saw OAuth tokens for Microsoft Github integration downloaded by a threat actor, went further than initally thought, with customer passwords exfiltrated as well.

Heroku hackers got account passwords via OAuth token theft

Heroku this week forced resets for user passwords, and also disabled application programming interface (API) access tokens, but at the time did not say why.

The password reset was thought to be brought on by the early April hack, and Heroku has now said this is the case.

"Separately, our investigation also revealed that the same compromised token was leveraged to gain access to a database and exfiltrate the hashed and salted passwords for customers’ user accounts," Heroku said.

"For this reason, Salesforce is ensuring all Heroku user passwords are reset and potentially affected credentials are refreshed.

"We have rotated internal Heroku credentials and put additional detections in place," the PaaS provider added.

At the time of writing, the threat actor behind the compromise is not known, but Heroku said its investigation continues.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?