Author/Source: Ravie Lakshmanan See the full link here
**Takeaway**
This article discusses how attackers are using old, inactive GitHub accounts to secretly gather information about companies’ GitHub activity. They use these accounts to look at public repositories and user details without being noticed.
**Technical Subject Understandability**
Intermediate
**Analogy/Comparison**
This is like a burglar using old, unused keys to quietly check out a neighborhood without anyone noticing they’re not supposed to be there.
**Why It Matters**
This is important because attackers can use this collected information to plan bigger attacks against companies, potentially stealing private code or sensitive data. For example, attackers have successfully copied private code repositories in some cases.
**Related Terms**
GitHub API, OAuth tokens, personal access tokens (PATs), reconnaissance
**Jargon Conversion**
GitHub API: A way for programs to talk to GitHub to get information. OAuth tokens: Digital passes that let apps use your GitHub account without your password. Personal access tokens (PATs): Secret codes that give programs specific access to your GitHub account. Reconnaissance: The act of gathering information about a target before an attack.


Leave a comment