GitHub Explains How Attackers Compromised the NPM Repository and What Data Was Stolen

Silviu STAHIE

May 30, 2022


GitHub has offered a lot more details on the NPM data breach in April 2022 and explained how the attackers compromised the systems and what kind of data they stole.

The NPM repositories have been a point of contention in recent months. Some attackers used the platform to spread malware by hiding packages under names closely resembling the original ones. Also, GitHub announced sweeping changes to the entire repository by enforcing multi-factor authentication for all projects in an effort to curb man-in-the-middle attacks.

The April 2022 attack was more complex than bad actors simply abusing the naming system for some packages. According to the GitHub analysis, the attackers used OAuth user tokens issued to two third-party GitHub.com integrators, Heroku and Travis CI. They lifted a lot of important information, including user names, passwords and email addresses for at least 100,000 users, along with other files pertaining to packages in the repository.

This is the list of stolen data that GitHub provided:

· A backup of skimdb.npmjs.com containing data from April 7, 2021, with the following information:
  · An archive of user information from 2015. This contained npm usernames, password hashes, and email addresses for roughly 100,000 npm users.
  · All private npm package manifests and package metadata as of April 7, 2021.
· A series of CSVs containing an archive of all names and version numbers (semVer) of published versions of all npm private packages as of April 10, 2022.
· Private packages from two organizations.

There’s some good news. The investigation revealed that the threat actor didn’t modify or publish new packages in the repositories. Furthermore, some plaintext user credentials that were available in internal logs after the NPM login systems were integrated into GitHub have been purged.

Of course, GitHub reset the credentials of all compromised accounts, and the organizations that had private packages stolen were notified immediately.

One of the biggest problems in modern cybersecurity is human behavior. People tend to reuse passwords on multiple online services. If you used the same password on NPM and other online services, make sure to change them across the board and switch to unique passphrases for each one.
