Waydev - stolen customers’ GitHub and GitLab OAuth tokens

Date: 2020-07-02

Method: blind SQL injection against Waydev’s database, from which the attackers stole customers’ GitHub and GitLab OAuth tokens.

Impact: Waydev’s customers were breached, e.g. Dave.com.

Attacker:

Noteworthy: Waydev’s customers provide their GitHub and GitLab OAuth tokens to the service. Once the attacker breached Waydev’s platform and got hold of those customers’ GitHub and GitLab OAuth tokens, they could use them to attack Waydev’s customers directly.

References

Waydev blog

Security incident at Dave: “As the result of a breach at Waydev, one of Dave’s former third party service providers, a malicious party recently gained unauthorized access to certain user data at Dave, including user passwords that were stored in hashed form, using bcrypt, an industry-recognized hashing algorithm.”

Security incident at Tricentis Flood: “Our investigation determined that on 20 June 2020, unauthorized actors gained access to Flood’s backend systems via an exploitation of a verified, commercial application called Waydev, on the GitHub marketplace. Upon learning of the unauthorized access, the Flood team immediately implemented containment procedures, including scrambling all user passwords to force a password reset and rotating all user API tokens used for programmatic access to Flood.”

ZDNet article