GitHub Private Repositories Breached After Theft of OAuth Tokens From External Sources
GitHub’s security team traced a breach of npm back to a stolen OAuth token, and the ensuing investigation turned up more stolen tokens and markers of access to private repositories.