Home Cyber Attack DeepSource Reset Login Following Phishing Attack On Employee

DeepSource Reset Login Following Phishing Attack On Employee

by Abeerah Hashim
ZeroFont phishing campaign targets Microsoft Outlook

Developer tools provider DeepSource has recently reset login credentials of employee accounts and users after a cyber attack. The incident happened as a result of a phishing attack on an employee’s account

DeepSource Phishing Attack

Reportedly, DeepSource has reset login credentials and some other details of users’ and employees’ accounts.

As revealed via their security notice, DeepSource received an alert from GitHub regarding malicious activity against the service’s GitHub app. As stated,

The GitHub Security team had observed a large number of requests from unusual IP addresses for many distinct DeepSource users starting in mid-June, which stood out as anomalous.

Following this alert, GitHub reached out to DeepSource sharing more information about the incident. It turned out that the incident happened due to a phishing attack affecting a DeepSource employee’s GitHub account.

This account precisely fell prey to the Sawfishing phishing campaign that targeted GitHub users back in April 2020. Consequently, the attackers gained access to DeepSource GitHub app credentials.

DeepSource Reset Login

After DeepSource came to know of the incident, they quickly reset login details and keys of employee accounts. Specifically mentioning about these changes, DeepSource stated,

We had rotated all user tokens, client secrets and private keys. Since we didn’t know the origin of the attack, we also rotated all credentials and keys of employees who had access to production systems.

Investigating the matter further revealed that the attack did not target DeepSource infrastructure. Nor did any security breach happen.

For now, DeepSource didn’t explicitly mention the exact number of users affected during the incident. It’s because GitHub hasn’t shared the details of attack victims to the service.

Unfortunately, GitHub’s privacy policy prevents them from sharing the affected user list with us, so we are disclosing this issue publicly while waiting for GitHub to complete their investigation.

Nonetheless, they anticipate that GitHub will notify the respective users of the incident.

Besides resetting tokens and credentials, DeepSource also shared future plans regarding the launch of a bug bounty program and enhancing their security.

Let us know your thoughts in the comments.

You may also like