Daily Brief

The website of the AI-powered coding platform Sourcegraph was breached using a leaked admin access token. The token was accidentally leaked online on July 14th, and an attacker used it on August 28th to create a new site-admin account. The breach was discovered after an increase in API usage was observed by Sourcegraph's security team. The attacker probed Sourcegraph's system by switching account privileges multiple times. Sourcegraph customers' information, including license keys, names, and email addresses, was accessed, but no sensitive data such as private code or passwords was exposed. Sourcegraph took immediate action by deactivating the malicious account, reducing API rate limits, and rotating potentially exposed license keys.