Mintlify Reports Customers’ GitHub Tokens were Compromised in a Data Breach

1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 5.00 out of 5)
Loading...
Mintlify Data Breach

91 GitHub tokens were made public because of a data breach. Mintlify has set up new security measures and revoked the tokens!

Mintlify, a documentation firm, has been shaken by a recent data breach that exposed the GitHub tokens of many of its customers.

It is recommended that users implement two-factor authentication and reset their passwords as part of Mintlify’s corrective actions.

In a blog post, Han Wang, co-founder of Mintlify, stated, “91 GitHub tokens were hacked, as we have discovered from our logs. The users have been informed, and we’re collaborating with GitHub to determine if the tokens were used to access private repositories.

About the Data Breach

Mintlify helps developers develop software documentation by requesting access to clients’ GitHub repositories, such as banking, databases, and artificial intelligence organizations.

A vulnerability in the company’s internal systems was identified as the cause of the data breach on March 1, 2024. This hack compromised 91 customers’ GitHub tokens, which could have enabled unauthorized access to confidential source code, as stated in the Mintlify blog post.

GitHub users can allow access to their accounts to third-party apps, such as Mintlify, because of these private tokens. An attacker could gain similar access to a person’s source code that the token allows if these tokens are stolen.

After further investigation, it was discovered that a customer’s repository could be accessed using hacked GitHub tokens; no evidence was found to indicate that additional repositories were affected.

“We received confirmation that GitHub tokens stored within our databases were used to access a customer’s repository. While we do not have evidence of any other such instances, we cannot confirm that none occurred, as mentioned in the blog post on Mintlify.

Mintlify’s Remediation Strategies to the Security Vulnerability

The primary actions that Mintlify took to prevent additional security breaches were – removing all GitHub user access tokens, implementing enhanced security measures, and identifying unauthorized access attempts originating from an unknown device. 

In addition, the admin access token issue was fixed. The organization is working with GitHub and clients to find out if the attacker utilized any additional tokens besides deprecating private tokens to prevent such instances.

“Our team has addressed the vulnerability and taken steps to secure our systems against similar incidents in the future,” Han Wang addressed. 

Janki Mehta

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.