Ninety-one of artificial intelligence-powered documentation startup Mintlify's customers had their private GitHub tokens impacted by a data breach that involved the exploitation of a system vulnerability at the beginning of the month, TechCrunch reports.
Such a security issue within Mintlify's systems facilitated the exposure of its internal admin credentials, which could be leveraged to enable internal endpoint compromise and further data exposure, said Mintlify co-founder Han Wang in a post on Hacker News. "Investigations with one impacted customer revealed that the leaked token was likely not used by the attacker. We are currently working with GitHub and our customers to uncover if any of the other tokens were used by the attacker," Wang noted. Individuals affected by the breach have already been informed by the startup, which is also moving to discourage private token usage to avert similar incidents in the future, added Wang.
