< BACK TO NEWS
negativeSYS.SOURCE: The Hacker News2026-07-10T00:08:49+05:30

Exploitation of Dormant GitHub Accounts for Corporate Organization Reconnaissance

#GitHub#Cyber Attacks#API Security#Reconnaissance#Supply Chain Security

Attackers are leveraging dormant GitHub accounts and compromised tokens to systematically enumerate corporate GitHub organizations, repositories, and user data through API scraping. This method enables stealthy reconnaissance and potential access to private repositories by mimicking legitimate traffic patterns.

Datadog Security Labs is warning of "several overlapping campaigns" that are systematically enumerating corporate GitHub organizations, repositories, and user accounts through the GitHub API.

"Operators rely on automated scraping tooling with custom or legitimate-sounding user agents, leveraging GitHub 'ghost' accounts that are often years old, or compromised OAuth tokens and personal

Read original article

*** END OF TRANSMISSION ***