Home Cyber Attack DeepSource Reset Login Following Phishing Attack On Employee
Cyber AttackHacking NewsLatest Cyber Security News | Network Security HackingNews

DeepSource Reset Login Following Phishing Attack On Employee

by Abeerah Hashim
written by Abeerah Hashim
ZeroFont phishing campaign targets Microsoft Outlook

Developer tools provider DeepSource has recently reset login credentials of employee accounts and users after a cyber attack. The incident happened as a result of a phishing attack on an employee’s account

DeepSource Phishing Attack

Reportedly, DeepSource has reset login credentials and some other details of users’ and employees’ accounts.

As revealed via their security notice, DeepSource received an alert from GitHub regarding malicious activity against the service’s GitHub app. As stated,

The GitHub Security team had observed a large number of requests from unusual IP addresses for many distinct DeepSource users starting in mid-June, which stood out as anomalous.

Following this alert, GitHub reached out to DeepSource sharing more information about the incident. It turned out that the incident happened due to a phishing attack affecting a DeepSource employee’s GitHub account.

This account precisely fell prey to the Sawfishing phishing campaign that targeted GitHub users back in April 2020. Consequently, the attackers gained access to DeepSource GitHub app credentials.

DeepSource Reset Login

After DeepSource came to know of the incident, they quickly reset login details and keys of employee accounts. Specifically mentioning about these changes, DeepSource stated,

We had rotated all user tokens, client secrets and private keys. Since we didn’t know the origin of the attack, we also rotated all credentials and keys of employees who had access to production systems.

Investigating the matter further revealed that the attack did not target DeepSource infrastructure. Nor did any security breach happen.

For now, DeepSource didn’t explicitly mention the exact number of users affected during the incident. It’s because GitHub hasn’t shared the details of attack victims to the service.

Unfortunately, GitHub’s privacy policy prevents them from sharing the affected user list with us, so we are disclosing this issue publicly while waiting for GitHub to complete their investigation.

Nonetheless, they anticipate that GitHub will notify the respective users of the incident.

Besides resetting tokens and credentials, DeepSource also shared future plans regarding the launch of a bug bounty program and enhancing their security.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses