Developer tools provider DeepSource has recently reset login credentials of employee accounts and users after a cyber attack. The incident happened as a result of a phishing attack on an employee’s account
DeepSource Phishing Attack
Reportedly, DeepSource has reset login credentials and some other details of users’ and employees’ accounts.
As revealed via their security notice, DeepSource received an alert from GitHub regarding malicious activity against the service’s GitHub app. As stated,
The GitHub Security team had observed a large number of requests from unusual IP addresses for many distinct DeepSource users starting in mid-June, which stood out as anomalous.
Following this alert, GitHub reached out to DeepSource sharing more information about the incident. It turned out that the incident happened due to a phishing attack affecting a DeepSource employee’s GitHub account.
This account precisely fell prey to the Sawfishing phishing campaign that targeted GitHub users back in April 2020. Consequently, the attackers gained access to DeepSource GitHub app credentials.
DeepSource Reset Login
After DeepSource came to know of the incident, they quickly reset login details and keys of employee accounts. Specifically mentioning about these changes, DeepSource stated,
We had rotated all user tokens, client secrets and private keys. Since we didn’t know the origin of the attack, we also rotated all credentials and keys of employees who had access to production systems.
Investigating the matter further revealed that the attack did not target DeepSource infrastructure. Nor did any security breach happen.
For now, DeepSource didn’t explicitly mention the exact number of users affected during the incident. It’s because GitHub hasn’t shared the details of attack victims to the service.
Nonetheless, they anticipate that GitHub will notify the respective users of the incident.
Besides resetting tokens and credentials, DeepSource also shared future plans regarding the launch of a bug bounty program and enhancing their security.
Let us know your thoughts in the comments.
Latest posts by Abeerah Hashim (see all)
- Malicious Apps Repeatedly Bypassed Apple App Notarization - October 26, 2020
- French IT Firm Sopra Steria Suffered Ransomware Attack - October 26, 2020
- Georgia County Voting System Suffered Ransomware Attack - October 26, 2020