In June 2022, GitHub announced that it had finished notifying users affected by a security breach of the npm organization on GitHub, carried out with OAuth tokens stolen from the third-party integrators Heroku and Travis CI. The attacker used the tokens to gain access to npm infrastructure and exfiltrate sensitive data, including a 2015 database backup of npm user information containing usernames, password hashes, and email addresses for approximately 100,000 users, as well as private package manifests and metadata. Although GitHub found no evidence that the attacker had published modified or new versions of any npm packages, it reset the passwords of affected users and began notifying them directly. In an unrelated internal discovery, GitHub found that plaintext credentials had been stored in its internal logs; the issue was mitigated and those logs were purged. GitHub stated that the necessary actions had been taken to address both incidents and encouraged users to rotate their npm tokens and reset their passwords to improve their security.