"Hacker Gains Admin Control of Sourcegraph and Gives Free Access to the Masses"
An unidentified hacker gained administrative control of Sourcegraph, an Artificial Intelligence (AI)-powered service used by developers at Uber, Reddit, Dropbox, and other companies. Through this control, the hacker provided free access to resources normally requiring payment. In doing so, the hacker may have accessed Sourcegraph users' personal information. The exposed information for paid users included license keys, as well as the names and email addresses of license key holders. For non-paying users, the exposure was limited to email addresses associated with their accounts. The hacker gained administrative access by obtaining an authentication key that a Sourcegraph developer inadvertently included in code published to a public Sourcegraph instance hosted on Sourcegraph[.]com. After creating a standard user Sourcegraph account, the hacker used the token to grant the account administrator privileges. This article continues to discuss the administrative control of Sourcegraph gained by a hacker.
Ars Technica reports "Hacker Gains Admin Control of Sourcegraph and Gives Free Access to the Masses"