Attackers breached GitHub accounts using stolen OAuth tokens

GitHub revealed that an attacker breached accounts using the stolen OAuth tokens to download data from organization accounts. This information was revealed after the GitHub Security team began an investigation on April 12th, 2022. The company also claimed that those abused tokens were issued to two 3rd-party OAuth integrators.