Free Video Downloader

Fast and free all in one video downloader

For Example: https://www.youtube.com/watch?v=OLCJYT5y8Bo

1

Copy shareable video URL

2

Paste it into the field

3

Click to download button


Mintlify says customer GitHub tokens exposed in data breach
March 27, 2024

Mintlify says customer GitHub tokens exposed in data breach

Reading Time: 2 minutes

Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week.

Mintlify helps developers create documentation for their software and source code by requesting access and tapping directly into the customer’s GitHub source code repositories. Mintlify counts fintech, database and AI startups as customers.

In a blog post Monday, Mintlify blamed its March 1 incident on a vulnerability in its own systems, but said 91 of its customers had their GitHub tokens compromised as a result.

These private tokens allow GitHub users to share their account access with third parties apps, including companies like Mintlify. If these tokens are stolen, an attacker could obtain the same level of access to a person’s source code as the token permits.

‘The users have been notified, and we’re working with GitHub to identify whether the tokens were used to access private repositories,’ Mintlify co-founder Han Wang wrote in a blog post.

News of the incident became public last week when some users on Reddit and Hacker News commented after getting an email from Mintlify on Friday about the incident, days after the company’s blog post initially told customers that ‘no further action is required on your part.’

In a post discussing the breach on Hacker News, Wang said a vulnerability in its systems was leaking the company’s internal admin credentials to customers. Those credentials could then be used to access the company’s internal endpoints to access other unspecified sensitive user information, Wang said.

Wang said that the company was in the process of deprecating the use of private tokens ‘to prevent an incident like this from ever happening again.’

While the blog post describes the person who discovered the vulnerability as a bug bounty reporter, the company’s co-founder Wang described the events as malicious.

‘Investigations with one impacted customer revealed that the leaked token was likely not used by the attacker. We are currently working with GitHub and our customers to uncover if any of the other tokens were used by the attacker,’ Wang said.

Reference: https://techcrunch.com/2024/03/18/mintlify-customer-github-tokens-data-breach/

Ref: techcrunch

MediaDownloader.net -> Free Online Video Downloader, Download Any Video From YouTube, VK, Vimeo, Twitter, Twitch, Tumblr, Tiktok, Telegram, TED, Streamable, Soundcloud, Snapchat, Share, Rumble, Reddit, PuhuTV, Pinterest, Periscope, Ok.ru, MxTakatak, Mixcloud, Mashable, LinkedIn, Likee, Kwai, Izlesene, Instagram, Imgur, IMDB, Ifunny, Gaana, Flickr, Febspot, Facebook, ESPN, Douyin, Dailymotion, Buzzfeed, BluTV, Blogger, Bitchute, Bilibili, Bandcamp, Akıllı, 9GAG

Leave a Reply

Your email address will not be published. Required fields are marked *