Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Given that all the stolen credentials were made public, I was hoping that someone would build a haveibeenpwned style site. We know we were compromised on at least a few tokens, but it would be nice to be able to search using a compromised token to find out what else leaked. We’ve rotated everything we could think of but not knowing if we’ve missed something sucks.


Reach out if you'd like me to check - I did the same for the trigger.dev team in fact[1].

(personal site linked in bio, who links you onward to my linkedin)

[1] https://x.com/ramimacisabird/status/1994598075520749640?s=20


Doesn't it publish the repos to your Github account? Just clone and look at what was stolen.


On the follow up Wiz blog they suggested that the exfiltration was cross-victim https://www.wiz.io/blog/shai-hulud-2-0-aftermath-ongoing-sup...


As the sibling comment said, the worm used stolen GitHub credentials from other victims, and randomly distributed the uploads between victims.

Also everything was double base64 encoded which makes it impossible to use GitHub search.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: