Security · 1h ago
Ghost GitHub Accounts Used to Map Corporate Orgs
Datadog Security Labs warns of campaigns using dormant GitHub accounts to enumerate corporate organizations, repos, and users via the API. Attackers leverage years-old 'ghost' accounts or compromised OAuth tokens to blend in. The automated scraping uses custom or legitimate-sounding user agents to avoid detection.
Meridian48 take
The reliance on aged accounts highlights how attackers exploit trust in account history, making detection harder for security teams.
Read the full reporting
Dormant GitHub Accounts Help Attackers Blend In While Mapping Corporate Orgs →
The Hacker News
github-abusesupply-chain-security