GitHub's private repositories not affected
https://www.bleepingcomputer.com/news/security/github-attacker-breached-dozens-of-orgs-using-stolen-oauth-tokens/
GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories.
Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.
GitHub's private repositories not affected
Apr 15, 2022, 11:16pm UTC
https://www.bleepingcomputer.com/news/security/github-attacker-breached-dozens-of-orgs-using-stolen-oauth-tokens/
> GitHub revealed today that an attacker is using stolen user tokens (issued to Heroku and Travis-CI OAuth) to download data from private repositories.
> Since this campaign was first spotted on April 12, 2022, the threat actor has already accessed and stolen data from dozens of victim organizations using Heroku and Travis-CI-maintained OAuth apps, including npm.