Heroku: Cyberattacker Used Stolen OAuth Tokens to Steal Customer Account Credentials

The same attack that allowed a threat actor to steal data from private Heroku GitHub repositories also resulted in the compromise of customer credentials, the company now says.