Topics
Latest
AI
Amazon
Image Credits:TechCrunch
Apps
Biotech & Health
clime
Image Credits:TechCrunch
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
fundraise
contraption
Gaming
Government & Policy
Hardware
Layoffs
Media & Entertainment
Meta
Microsoft
secrecy
Robotics
security measures
societal
quad
Startups
TikTok
Transportation
Venture
More from TechCrunch
Events
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
adjoin Us
Documentation startup Mintlify says stacks of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week .
Mintlify helpsdevelopers make documentationfor their package and beginning codification by requesting access and tapping directly into the customer ’s GitHub author code repositories . Mintlify count fintech , database and AI startup as customer .
In a web log post Monday , Mintlify blame its March 1 incident on a exposure in its own system , but said 91 of its customers had their GitHub tokens compromised as a termination .
These private keepsake reserve GitHub users to deal their account approach with third parties apps , including companies like Mintlify . If these tokens are stolen , an attacker could prevail the same degree of access to a person ’s source codification as the souvenir Trachinotus falcatus .
“ The users have been apprise , and we ’re work with GitHub to identify whether the tokens were used to get at individual repositories , ” Mintlify atomic number 27 - beginner Han Wang wrotein a blog post .
News of the incident became public last week when some drug user on Reddit and Hacker News point out after getting an e-mail from Mintlify on Friday about the incident , 24-hour interval after the company ’s web log post ab initio tell apart customers that “ no further action is required on your part . ”
In a post discussing the breachon Hacker News , Wang said a exposure in its systems was leak the company ’s national admin credentials to customer . Those credentials could then be used to get at the company ’s internal endpoints to get at other unspecified sensitive user information , Wang said .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Wang said that the companionship was in the appendage of deprecating the purpose of private tokens “ to prevent an incident like this from ever happening again . ”
While the web log post delineate the somebody who hear the exposure as a bug bounteousness newsperson , the company ’s co - founder Wang described the events as malicious .
“ The targets of this attack were GitHub tokens of our user , ” Wang told TechCrunch by email .
“ investigation with one impacted customer revealed that the leak out token was in all likelihood not used by the aggressor . We are currently working with GitHub and our client to reveal if any of the other relic were used by the attacker , ” Wang say .
Mintlify taps AI to automatically generate documentation from codification
