Recent details reveal the root cause and impact of the GitHub Actions supply chain hack. The attack compromised the 'tj-actions/changed-files' action, affecting over 23,000 repositories and allowing attackers to execute a script that could leak CI/CD secrets. Initial investigations identified the compromise of the 'reviewdog/action-setup' action as the root cause; that compromise inadvertently gave an attacker access to a personal access token. The attack initially targeted Coinbase but then expanded to a broader scope, potentially affecting about 160,000 dependencies. However, only 218 repositories leaked sensitive information, primarily short-lived tokens. GitHub confirmed that there was no evidence of system compromise and encouraged users to review actions before usage.
https://www.securityweek.com/impact-root-cause-of-github-actions-supply-chain-hack-revealed/
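
One way to start the review of actions that the summary mentions, as an added example that is not from the article or from GitHub: a script that inventories the `uses:` references in a workflow file and flags the two actions named above. Flagging anything not pinned to a full 40-character commit SHA is an assumption added here, and the sample workflow, its `v1` tag and its SHA values are constructed.

```python
import re

# Actions named in the summary above; extend with your own watch list.
WATCHED = {"tj-actions/changed-files", "reviewdog/action-setup"}

# Matches `uses: owner/repo[/path]@ref` in a workflow step or job.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?([\w.-]+/[\w.-]+)(?:/[^@\s'\"]*)?@([^\s'\"#]+)"
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_workflow(text):
    """Return one finding per third-party `uses:` reference in a workflow file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue  # local (./path) and docker:// references do not match
        action, ref = m.group(1), m.group(2)
        findings.append({
            "line": lineno,
            "action": action,
            "ref": ref,
            # Assumption added here: a tag or branch ref can be repointed later,
            # a full commit SHA cannot.
            "pinned_to_sha": bool(FULL_SHA_RE.match(ref)),
            "watched": action in WATCHED,
        })
    return findings

def needs_review(findings):
    """Watched actions, plus any action referenced by a tag or branch."""
    return [f for f in findings if f["watched"] or not f["pinned_to_sha"]]

# Constructed sample workflow (not taken from any real repository).
SAMPLE = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
      - uses: tj-actions/changed-files@v1
      - uses: reviewdog/action-setup@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local-step
      - run: make test
"""

if __name__ == "__main__":
    for finding in needs_review(audit_workflow(SAMPLE)):
        print(finding)
```

A watched action stays in the review list even when it is pinned, because the pinned commit still has to be checked against the affected versions.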