Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

DeepSource Says Hackers Compromised Its GitHub Application

Automated code review tool provider DeepSource this week announced that it reset tokens, secrets, private keys, and employee credentials after being informed that its GitHub application was compromised.

Automated code review tool provider DeepSource this week announced that it reset tokens, secrets, private keys, and employee credentials after being informed that its GitHub application was compromised.

Designed to help developers identify security flaws, bug risks, and performance issues during code review, DeepSource also provides integration with GitHub to allow app authors get started with code analysis fast.

On Tuesday, DeepSource announced that, on July 11, the GitHub Security Team informed them of potentially malicious activity related to the DeepSource GitHub application, and that precautionary measures to limit potential access to resources were taken immediately.

“By 7AM UTC, we had rotated all user tokens, client secrets and private keys. Since we didn’t know the origin of the attack, we also rotated all credentials and keys of employees who had access to production systems. Through internal investigation, we have not identified any unusual breach or behaviour, and have concluded that the DeepSource infrastructure has not been breached,” the startup announced.

Starting mid-June, the GitHub Security team observed numerous requests from unusual IP addresses for DeepSource users, but was not sure that a compromise had occurred, despite the anomalous traffic.

Following a deeper investigation, however, GitHub determined that hackers managed to compromise the GitHub account of one of DeepSource’s employees, as part of the Sawfish phishing campaign that was detected earlier this year.

Thus, the attackers managed to access credentials for the DeepSource GitHub app, the startup says.

“Unfortunately, GitHub’s privacy policy prevents them from sharing the affected user list with us, so we are disclosing this issue publicly while waiting for GitHub to complete their investigation. Our understanding is GitHub will notify the directly affected users as per their policies,” DeepSource notes.

Advertisement. Scroll to continue reading.

Users who would like to receive additional information on repository downloads and other account activity to identify suspicious behavior can head to this page and ask GitHub for the necessary logs.

DeepSource says that it has already engaged with industry security advisors and that it has taken measures to improve policies and security, including through conducting security training for its employees.

“Additionally we have started work towards gaining the SOC 2 Type 2 compliance certification, which will provide a path for third party auditors to ensure that DeepSource’s security practice exceeds industry standards,” the company announced.

To further improve security, DeepSource plans on launching a bug bounty program in the near future, to identify weaknesses in its assets, even if this incident is not the result of a vulnerability in the DeepSource application itself.

The startup also sent notifications to all of its users via email to inform them about the security incident.

Related: GitHub Warns Users of Sophisticated Phishing Campaign

Related: Cloud Company Blackbaud Pays Ransomware Operators to Avoid Data Leak

Related: Hackers Accessed, Downloaded Twitter User Data in Recent Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Cloud security startup Upwind has appointed Rinki Sethi as Chief Security Officer.

SAP security firm SecurityBridge announced the appointment of Roman Schubiger as the company’s new CRO.

Cybersecurity training and simulations provider SimSpace has appointed Peter Lee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.