Sourcegraph has revealed that its website was breached this week due to a leaked site-admin access token.
The token leaked in July 2023, but it was not until August 28, 2023 that an attacker used it to create a new site-admin account and log into the admin dashboard of the company's website.
The breach was discovered by Sourcegraph’s security team, which observed a significant increase in API usage, described as isolated and inorganic.
The threat actor entered the website’s admin panel and then repeatedly changed the rogue account’s privileges to investigate Sourcegraph’s system.
In a security update posted on August 30 on the company website:
The malicious user, or someone connected to them, created a proxy app allowing users to directly call Sourcegraph’s APIs and leverage the underlying LLM. Users were instructed to create free Sourcegraph.com accounts, generate access tokens, and then request the malicious user to greatly increase their rate limit.
According to the statement, the promise of free access to the Sourcegraph API prompted many people to create accounts and start using the proxy app, generating close to 2 million views.
The attacker gained access to Sourcegraph customers’ information, including license keys, names, and email addresses of paying customers, while free-tier users had only their email addresses exposed.
The attack did not reveal any further sensitive client information, including private code, emails, passwords, usernames, or other PII. There are no indications that any of the exposed data was viewed, modified, or copied.
As soon as it realized there had been a security breach, Sourcegraph disabled the rogue site-admin account, temporarily lowered the API rate limits for all free community users, and rotated any license keys that might have been compromised.
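As an added detection sketch (not Sourcegraph's code), the following flags the three signals this incident exhibited over constructed audit events: a newly created site-admin account that goes on to raise other accounts' rate limits, repeated privilege changes on one account within a short window, and an inorganic jump in per-account API call volume. Event names, thresholds and the sample data are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed audit-log events (assumed schema, not real Sourcegraph logs).
EVENTS = [
    {"ts": "2023-08-28T09:00:00", "actor": "leaked-token", "action": "site_admin.create", "target": "u-777"},
    {"ts": "2023-08-28T09:02:00", "actor": "u-777", "action": "role.change", "target": "u-777"},
    {"ts": "2023-08-28T09:05:00", "actor": "u-777", "action": "role.change", "target": "u-777"},
    {"ts": "2023-08-28T09:09:00", "actor": "u-777", "action": "role.change", "target": "u-777"},
    {"ts": "2023-08-28T09:20:00", "actor": "u-777", "action": "rate_limit.set", "target": "u-1"},
    {"ts": "2023-08-28T09:21:00", "actor": "u-777", "action": "rate_limit.set", "target": "u-2"},
    {"ts": "2023-08-28T09:30:00", "actor": "u-42", "action": "role.change", "target": "u-43"},
]

# Constructed per-account API call counts: (hourly baseline, current hour).
API_COUNTS = {"u-1": (50, 9000), "u-2": (40, 7500), "u-42": (100, 120)}


def repeated_role_changes(events, min_changes=3, window_minutes=30):
    """Accounts whose role was changed min_changes or more times within window_minutes."""
    by_target = defaultdict(list)
    for e in events:
        if e["action"] == "role.change":
            by_target[e["target"]].append(datetime.fromisoformat(e["ts"]))
    flagged = set()
    for target, times in by_target.items():
        times.sort()
        # Slide a window of min_changes consecutive changes and check its time span.
        for i in range(len(times) - min_changes + 1):
            span_min = (times[i + min_changes - 1] - times[i]).total_seconds() / 60
            if span_min <= window_minutes:
                flagged.add(target)
                break
    return flagged


def new_admin_raising_limits(events):
    """Freshly created site-admin accounts that then changed other accounts' rate limits."""
    created = {e["target"] for e in events if e["action"] == "site_admin.create"}
    return {e["actor"] for e in events
            if e["action"] == "rate_limit.set" and e["actor"] in created}


def inorganic_api_spike(counts, factor=20):
    """Accounts whose current-hour call volume is at least factor times their baseline."""
    return {acct for acct, (base, now) in counts.items() if base > 0 and now >= factor * base}
```

Each function returns the set of accounts to investigate; in practice the thresholds would be tuned against the deployment's own baseline.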