Code search and navigation platform Sourcegraph has disclosed a data breach resulting from an accidental leak of an admin access token by one of its engineers. The breach was discovered on August 30 after a significant increase in API usage prompted an investigation.
Although the admin access token was leaked in a July 14 commit, Sourcegraph clarified that no customer private data or code was viewed or modified during the incident. The company took immediate action to address the breach, including revoking the malicious user’s access, rotating potentially viewed customer license keys, temporarily reducing rate limits for free community users, and ongoing monitoring for suspicious activity.
The incident unfolded when a user elevated the privileges of a newly created Sourcegraph account on August 30, leading to unauthorized access to the admin dashboard.
A malicious user or an associate of the user created a proxy app to exploit Sourcegraph’s APIs, encouraging others to create free accounts, generate access tokens, and request a significant increase in their rate limits. This activity garnered attention, resulting in a spike in API usage. The malicious user, with admin privileges, potentially had access to certain data, including license key recipients’ names and email addresses, Sourcegraph license keys for some customers, and email addresses of Sourcegraph community users.
However, Sourcegraph stated that there is no evidence this data was viewed, modified, or copied during the incident. Sourcegraph emphasized that customer private data and code reside in isolated environments and were unaffected by the breach. The platform swiftly took measures to mitigate the situation and enhance security, underscoring the importance of continuous monitoring and proactive responses to cybersecurity incidents.
