Tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs.

More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub. Attackers can use this sensitive data to launch massive cyberattacks and to move laterally in the cloud.

#cyber #threats #online #web #services #aws #credentials #github #travis #api #tokens #docker #databreach #informatique

https://blog.aquasec.com/travis-ci-security