Sourcegraph, a code search and navigation platform, disclosed a data breach after an engineer accidentally leaked an admin access token. The breach was discovered on August 30 after a surge in API usage. The leaked token had broad privileges to view and modify account information. A user with elevated privileges gained unauthorized access to the admin dashboard. The malicious user created a proxy app allowing others to call Sourcegraph's APIs and generate access tokens. It is unclear if any data was viewed or copied, but license key recipients' names and email addresses could have been accessed. Hashtags: #Sourcegraph #DataBreach #Security

https://www.securityweek.com/sourcegraph-discloses-data-breach-following-access-token-leak/