GitHub accounts stolen in ongoing phishing attacks

Bleeping Computer

GitHub users are currently being targeted by a phishing campaign specifically designed to collect and steal their credentials via landing pages mimicking GitHub’s login page. 

Besides taking over their accounts, the attackers are also immediately downloading the contents of private repositories, including but not limited to “those owned by organization accounts and other collaborators.”

If the attacker successfully steals GitHub user account credentials, they may quickly create GitHub personal access tokens or authorize OAuth applications on the account in order to preserve access in the event that the user changes their password.

GitHub’s Security Incident Response Team

GitHub’s SIRT published information on this ongoing phishing campaign dubbed Sawfish to increase awareness and allow users that might be targeted to protect their accounts and repositories.

Full article