By using this site, you agree to our use of cookies, which we use to analyse our traffic in accordance with our Privacy Policy. We also share information about your use of our site with our analytics partners.

News

ConsenSys affected by stolen OAuth attack campaign

by ConsenSysApril 22, 2022
ConsenSys affected by stolen OAuth attack campaign

We were alerted by GitHub to a security issue, which would allow an unauthorized third party to gain access to and clone GitHub repositories using Travis-CI applications, an integrator commonly used for code testing and development. As a user of Travis-CI, we immediately initiated an investigation to determine whether this event has impacted our customers. Upon review, we believe a small number of our professional services customers may have been impacted and we have taken immediate steps to both communicate with those customers and where and if relevant, undertake any precautionary measures such as refreshing any security tokens or API keys. 

No private information related to MetaMask was made available and the Infura service has not been impacted. Further, we don’t have any reason to believe any customer business or personally identifiable data is impacted by the Github issue at this time, only code. 

We take the security of our customers’ code and information very seriously, and will continue to work closely with them on this matter and update them as our investigation proceeds.  Consensys customers can contact us if they have questions at [email protected]. We urge all others to immediately review their own Github repositories to evaluate whether or not this issue has impacted their own repositories.