Hackers breached Sourcegraph using leaked admin access token

September 5, 2023
Sourcegraph, an artificial intelligence coding platform, confirmed that unauthorised individuals had breached their website using a leaked site-admin access token. Based on reports, the threat actors utilised the leaked token late last month to generate a new site-admin account and log into the admin dashboard of the firm’s website called Sourcegraph.com.

The affected entity’s security team discovered the breach after they noticed a significant increase in API usage, which they described as isolated and unusual.

Additionally, after acquiring access to the website’s admin dashboard, the attackers switched their fake account’s privileges several times to analyse Sourcegraph’s system. They also leveraged their access to impersonate a user and obtain access to the admin console of Sourcegraph’s system.
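The signals described above (the API usage spike, and a site-admin account created with the token, repeatedly re-privileged and then used to impersonate a user) can be written as detection rules over audit data. This is an added example, not Sourcegraph's tooling; the event schema, action names, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data; the event schema and action names are hypothetical.
AUDIT = [  # (timestamp, actor, auth method, action, target account)
    ("2024-01-10T09:00:00", "ops-admin", "session", "role.set:user", "bob"),
    ("2024-01-10T13:00:00", "ci-bot", "token", "user.create", "newadmin"),
    ("2024-01-10T13:01:00", "ci-bot", "token", "role.set:site-admin", "newadmin"),
    ("2024-01-10T13:05:00", "newadmin", "session", "role.set:user", "newadmin"),
    ("2024-01-10T13:09:00", "newadmin", "session", "role.set:site-admin", "newadmin"),
    ("2024-01-10T13:20:00", "newadmin", "session", "user.impersonate", "alice"),
]
API_CALLS_PER_HOUR = [410, 395, 430, 402, 418, 399, 2950]  # last value is the newest hour

def audit_findings(events, window=timedelta(minutes=30), flap_threshold=3):
    """Return (rule, account) findings for the admin-abuse sequence in the article."""
    findings, created, role_changes = [], {}, defaultdict(list)
    for ts, actor, auth, action, target in sorted(events):
        when = datetime.fromisoformat(ts)
        if action == "user.create":
            created[target] = when
        elif action.startswith("role.set:"):
            role_changes[target].append(when)
            recent = [t for t in role_changes[target] if when - t <= window]
            # Admin role granted by a token to an account that was only just created.
            if (action.endswith("site-admin") and auth == "token"
                    and target in created and when - created[target] <= window):
                findings.append(("token-granted-admin", target))
            # Repeated privilege switching on one account inside the window.
            if len(recent) == flap_threshold:
                findings.append(("role-flapping", target))
        elif (action == "user.impersonate" and actor in created
                and when - created[actor] <= timedelta(hours=24)):
            # Impersonation performed by an account less than a day old.
            findings.append(("new-account-impersonation", actor))
    return findings

def api_spike(hourly_counts, factor=3.0):
    """True when the newest hour exceeds `factor` times the median of earlier hours."""
    *baseline, latest = hourly_counts
    return latest > factor * median(baseline)

if __name__ == "__main__":
    for rule, account in audit_findings(AUDIT):
        print(f"ALERT {rule}: {account}")
    print("ALERT api-usage-spike" if api_spike(API_CALLS_PER_HOUR) else "api usage normal")
```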

The malicious user generated a proxy application that allowed its users to call Sourcegraph’s APIs and exploit the LLM directly. Threat actors also prompted users to create a free Sourcegraph.com account, generate access tokens, and request that the attackers increase their rate cap.

Sourcegraph claimed that the attackers did not obtain critical information.

Sourcegraph explained that the attackers who acquired access to their systems reached basic customer information, such as names, email addresses, and license keys.

The company added that the attackers did not acquire sensitive data like emails, passwords, usernames, private code, or PII. A Sourcegraph statement claimed that its security team did not observe any alteration or modification to its stored personal data.

However, the unauthorised user could have viewed and scanned the domain and potentially taken screenshots that they could use for further campaigns. The company said that the actors had not viewed their customers’ private data or code during the incident.

The company is confident that the actors have not reached the information since it is in an isolated environment, which could not be impacted. Sourcegraph deactivated the attacker-controlled admin account and temporarily lowered API rate limits applicable to all free community users.

Finally, the company rotated the license keys that could have been potentially exposed in the incident. Experts still suggest that users should be vigilant with incoming messages as the threat actors could have taken some basic details during their time inside Sourcegraph.
