10 minutes ago, I received a notification that this application was authorized to access my github account. I did not request this. In fact, this github account has remained dormant for a very long time. Why was FastHub given access to my account?
The actor reported in the github audit trail entry from when oauth access was granted is apparently from Guatemala at IP 181.174.102.168
Same with me. Security logs show a long history of attempted access to my account followed by enabling FastHub Oauth.
Please do not close the issue and shunt the discussion to reddit. It makes the problem less visible, and gives the appearance that this issue has been solved, which it has not.
An outside entity is clearly using FastHub as an attack vector in some fashion, and until the problem has been investigated and mitigated, it should remain here. Reddit threads quickly fade from sight.
Sure, so could you post a screenshot of the email in here? I have taken all these claims seriously so far; however, until now I haven't questioned anyone!
Post a screenshot of it here and I'll reopen this ticket. Thanks.
Certainly.



I'd blur your creds there rurikid. You don't know who's looking at this page.
Guys, reset your password and enable 2FA. It would prevent most unauthorized access in the future.
@k0shk0sh, could an API key be leaked? Looks like a botnet which is trying to legalize accesses by using FastHub's key or a name.
All these spam messages in Issues... that's kinda weird and could be connected with this breach.
+1 to this, this happened to me (I don't even use this account anymore). Password already changed.
Already done, @dedepete. This is an old account and was created back before 2FA was a widespread thing for github.
It can definitely be breached by decompiling the app or listening to the traffic.

GitHub reply
I followed up with another two emails to GitHub, one to point to this thread and one to conclude that the accounts that are being hacked are old & inactive, as it seems that everyone who had this reported that their account is years old and never been used.
Also guys, the hacker might have just used the name FastHub but not the actual token of FastHub.
Rest assured, FastHub (me) never takes data outside of the app. That's something I can guarantee with my life :)
So far GitHub didn't reply to any of my emails anymore! Perfect service I reckon, as usual!
Did they reply with anything guys?

I guess this should be resolved now!
@k0shk0sh so what can we do to prevent this in future?
@dedepete there is nothing really that we can do, unfortunately. Even if I encrypt the token, someone can still listen to traffic via Charles proxy and get it, or even create a token and give it a FastHub name, and it should look like it was from FastHub. I believe that this attack was mainly to somehow give FastHub a bad image; otherwise, honestly, why would they use that name and not other GitHub apps such as octodroid, for example!
As soon as I finish up v5 I'll be taking seriously any kind of suspicious fork as a copyright issue or something like this.
Unfortunately, some of the community don't get what other people have done to get their source code to be as famous as FH, for example: the time I spent on this app after working hours, days and nights, during hard times or happy times. I just don't get why people would behave so badly toward something that was done to serve them!
Honestly, every day I see something that demotivates me from continuing to evolve this app.
Whoever did this might not have listened to traffic. It was smart: the accounts were monitored for some time to see the activity, and so the unused accounts were hijacked. It is foolproof, the name, the scheme, it all. Who gets active again gets their account back; who doesn't, well, they have their passwords changed and so the hijacker has more accounts. The mistake was that once I gave authorization (not me, but the person who did this), right after, my pass was changed. If I hadn't done anything, it would have stood changed. If I had done something, which obviously I did, I get back my account.
So guys, since GitHub has sorted this somehow, I'm going to close this issue. Please always use a strong password and 2FA auth for everything you do on the internet, nothing is safe in this world anymore :p.