Sourcegraph hack: Hacker made users feel like Uber and Dropbox developers

Carding

But users paid for it with their data.

Using an authentication key that was accidentally published in Sourcegraph's open source code, the attacker gained administrative access to the platform's functions. This resulted in a leak of data from the servers, including license keys, names, and email addresses of paid users. The email addresses of free users were also exposed. However, private code, passwords, and other sensitive data were not compromised.

Sourcegraph is used by many well-known companies, such as Uber, which uses it to speed up development and improve code quality, and Dropbox, which uses it to index and analyze code in all Dropbox repositories.

The hacker suggested that users register on Sourcegraph, create access tokens, and increase their privilege level. The cybercriminal's call led to a sharp increase in the number of requests to the Sourcegraph API, which are usually restricted for free accounts. The hack was revealed on August 30, after which user access was revoked, and an internal investigation was launched.
 