Bleeping Computer

GitHub now can auto-block token and API key leaks for all repos

GitHub is now automatically blocking the leak of sensitive information like API keys and access tokens for all public code repositories. Today's announcement comes after the company introduced push ...
SiliconANGLE

Twitter warns developers of potentially exposed API keys and access tokens

Twitter Inc. is warning developers that their application programming interface key, user access tokens and token secrets for their own Twitter accounts may have been exposed in browser caches. In a ...
ZDNet

Heroku to begin user password reset almost a month after GitHub OAuth token theft

Heroku has alerted a "subset" of its users that it is going to reset their passwords on May 4 unless they change passwords beforehand. In resetting the password, the company is warning that existing ...
InfoWorld

Public package repos expose thousands of API security tokens—and they’re active

JFrog’s new Xray Secrets Detection uncovered active access tokens in popular open-source software registries including Docker, npm, and PyPI. Here are our findings and takeaways. As part of the ...

Security study finds thousands of API credentials exposed on the web for years

Researchers scan 10 million websites and uncover thousands of exposed API keys quietly granting access to cloud systems and ...
Dark Reading

Facebook Spam Botnet Promises 'Likes' for Access Tokens

Cyberattackers are using access tokens for legitimate Facebook apps as vehicles to spread spam on the apps' behalf. How do they do it? By tricking Facebook users into handing over their tokens in ...
Infosecurity-magazine.com

Stolen Access Tokens Lead to New Internet Archive Breach

Hours after the Internet Archive was reportedly back on its feet following a wave of cyber-attacks, it seems that the world’s largest digital library is in hot water again. On October 20, several ...