I saw this happen in a couple of orgs I’m in that don’t use Travis, at least to ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jghn on Dec 8, 2022 \| parent \| context \| favorite \| on: Tell HN: Travis CI is seemingly compromised (once ... I saw this happen in a couple of orgs I’m in that don’t use Travis, at least to my knowledge

nstart on Dec 8, 2022 [–]

If a team member uses a personal token with Travis and the personal token can access private org repos, there’s a chance this can trigger.

jghn on Dec 8, 2022 | [–]

Absolutely. I hadn’t seen anything yet that was a smoking gun pointing at Travis. While it’s a likely candidate I wanted to voice that it might be another vector

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact