GitHub has disclosed a massive security breach affecting 40 million developer accounts, with attackers gaining access to private repositories, API tokens, and SSH keys through a compromised OAuth integration.
What Was Exposed
- 40 million developer accounts
- Private repository code for 12 million repos
- API tokens and SSH keys
- Email addresses and profile data
Immediate Actions
GitHub has forcibly rotated all OAuth tokens and is requiring all users to reset passwords and re-authorize SSH keys. Developers should audit their repositories for exposed secrets and rotate all API keys immediately.
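
One way to start the audit for exposed secrets, as an added example that is not GitHub's tooling and not part of the original article: a small Python scanner that walks a checked-out repository and flags GitHub token prefixes and private key headers. The function names, the token lengths in the patterns, and the sample text are assumptions made for this illustration.

```python
import os
import re

# GitHub token prefixes and PEM/OpenSSH key headers. The lengths are an
# assumption based on the token formats in use at the time of writing.
PATTERNS = {
    "github_token": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9_]{82}\b"),
    "private_key": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
}

def redact(value):
    """Keep a short prefix only, so the report does not leak the secret again."""
    return value[:8] + "..."

def scan_text(text):
    """Return (line_number, kind, redacted_match) for every hit in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((line_no, kind, redact(match.group(0))))
    return findings

def scan_tree(root):
    """Scan every readable file under root, skipping .git internals."""
    results = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d != ".git"]
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = scan_text(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if hits:
                results[path] = hits
    return results

# Constructed sample input; the token below is fake and built from filler.
SAMPLE = "\n".join([
    'API_URL = "https://api.example.test"',
    'TOKEN = "ghp_' + "A" * 36 + '"',
    "-----BEGIN OPENSSH PRIVATE KEY-----",
    'note = "ghp_tooshort"',
])

if __name__ == "__main__":
    for path, hits in scan_tree(".").items():
        print(path, hits)
```

This covers the checked-out files only; a secret committed earlier and later deleted is still in the repository history and must be rotated as well.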