"Access to the environment was gained by leveraging a compromised token for a Heroku machine account"
This is the equivalent of saying "the car was stolen because the car keys were laying on the kitchen table." They still don't know how they got into the house to get the car keys.
GitHub was just one branch that the attacker took to further access, another being the download of the accounts database. We don't know how many other things they did.
This is the equivalent of saying "the car was stolen because the car keys were laying on the kitchen table." They still don't know how they got into the house to get the car keys.
GitHub was just one branch that the attacker took to further access, another being the download of the accounts database. We don't know how many other things they did.