\n<\/p>\n
Documentation startup Mintlify says dozens of customers had GitHub tokens exposed in a data breach at the start of the month and publicly disclosed last week.<\/p>\n
Mintlify helps developers create documentation<\/a> for their software and source code by requesting access and tapping directly into the customer\u2019s GitHub source code repositories. Mintlify counts fintech, database and AI startups as customers.<\/p>\n In a blog post Monday, Mintlify blamed its March 1 incident on a vulnerability in its own systems, but said 91 of its customers had their GitHub tokens compromised as a result.<\/p>\n These private tokens allow GitHub users to share their account access with third parties apps, including companies like Mintlify. If these tokens are stolen, an attacker could obtain the same level of access to a person\u2019s source code as the token permits.<\/p>\n \u201cThe users have been notified, and we\u2019re working with GitHub to identify whether the tokens were used to access private repositories,\u201d Mintlify co-founder Han Wang wrote in a blog post<\/a>.<\/p>\n News of the incident became public last week when some users on Reddit and Hacker News commented after getting an email from Mintlify on Friday about the incident, days after the company\u2019s blog post initially told customers that \u201cno further action is required on your part.\u201d<\/p>\n