OAuth tokens stolen from Git analytics firm Waydev were used to hack into Dave.com and Flood.io
We previously reported how hackers broke into the web servers of Los Angeles-based fintech startup Dave.com and stole the personally identifiable information of 7.5 million users. The unknown hackers got into the Dave.com app using OAuth tokens stolen from a commercial Git analytics firm called Waydev.
The Waydev hack allowed the hackers to steal GitHub and GitLab OAuth tokens from its internal database. These OAuth tokens were used to hack into Dave.com and a software solutions provider, Flood.io.
Waydev is a San Francisco-based Git analytics firm that offers companies services to analyze their codebases from GitHub, GitLab, Azure DevOps and Bitbucket. Using an app for GitHub and GitLab, the platform tracks software engineers' work output for the client. According to a changelog posted by Waydev, the hackers breached its internal servers on 3rd July using a blind SQL injection vulnerability.
Waydev has informed law enforcement agencies about the data breach. It has also listed the IP addresses and email addresses of the hackers, as below:
a. IP Addresses of the hacker: 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 185.161.210.xxx, 151.80.237.xxx, 185.161.210.xxx, 81.17.16.xxx, 190.226.217.xxx, 186.179.100.xxx, 102.186.7.xxx, 72.173.226.xxx, 27.94.243.xxx
b. User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
c. Email addresses:
i. [email protected]
ii. [email protected]
iii. [email protected]
iv. [email protected]
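The IP addresses and User-Agent listed above can be checked against your own access logs. The script below is an added example, not code from Waydev or the original article: it assumes logs in the standard Combined Log Format, treats each masked `.xxx` entry as a /24 range, and runs on constructed sample lines.

```python
import ipaddress
import re

# Indicators exactly as listed in the article; "xxx" masks the last octet.
LISTED_IPS = """18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52,
184.108.40.206, 185.161.210.xxx, 151.80.237.xxx, 185.161.210.xxx, 81.17.16.xxx,
190.226.217.xxx, 186.179.100.xxx, 102.186.7.xxx, 72.173.226.xxx, 27.94.243.xxx"""
LISTED_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"

def to_networks(listing):
    """Masked entries become /24 networks, full addresses /32 (assumption)."""
    nets = set()
    for item in re.split(r"[,\s]+", listing.strip()):
        if item.endswith(".xxx"):
            nets.add(ipaddress.ip_network(item[:-4] + ".0/24"))
        else:
            nets.add(ipaddress.ip_network(item + "/32"))
    return nets

NETWORKS = to_networks(LISTED_IPS)

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def triage(lines):
    """Return (ip, time, verdict) for each line matching a listed indicator."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a combined-format line
        ip, when, ua = m.groups()
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue  # client field is a hostname, not an address
        ip_hit = any(addr in net for net in NETWORKS)
        ua_hit = ua == LISTED_UA
        if ip_hit:
            hits.append((ip, when, "ip+ua" if ua_hit else "ip"))
        elif ua_hit:
            hits.append((ip, when, "ua-only"))  # weak signal on its own
    return hits

# Constructed sample lines (not real traffic); last octets and dates are made up.
_FMT = '{} - - [01/Jan/2024:10:0{}:00 +0000] "GET /repo.git HTTP/1.1" 200 512 "-" "{}"'
SAMPLE = [_FMT.format(ip, i, ua) for i, (ip, ua) in enumerate([
    ("185.161.210.7", LISTED_UA), ("203.0.113.5", LISTED_UA),
    ("81.17.16.40", "curl/7.68.0"), ("198.51.100.9", "curl/7.68.0")])]
```

A `ua-only` verdict deserves the least weight, because the listed User-Agent is a stock Firefox string that legitimate clients also send; prioritize `ip+ua` and `ip` matches.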
Waydev says that it patched the vulnerability exploited by the hackers on the same day. It has also delisted its GitHub and GitLab apps, revoked all affected OAuth tokens, and created new OAuth apps. GitHub sent an email to all users who had connected the Waydev GitHub application, both affected and unaffected.
If you are a Waydev client or user, contact them at [email protected] for further information.