Pierluigi Paganini reports:
GitHub provided additional details about the incident it suffered in April; the attackers were able to steal nearly 100K NPM users’ credentials.
In April, GitHub uncovered threat actors using stolen OAuth user tokens to gain access to their repositories and download private data from several organizations.
[…]
The threat actors allegedly obtained the AWS API key by downloading a set of unspecified private NPM repositories using the stolen OAuth token from one of the two affected OAuth applications.
Read more at Security Affairs.