Sourcegraph, an AI-powered coding platform, has recently confirmed a breach of its website resulting from the unintended exposure of a site-admin access token.
The token was exposed on July 14, but an attacker did not use it until August 28, when they gained unauthorized access to Sourcegraph.com and created a new site-admin account.
Sourcegraph's security team discovered the breach that same day after noticing an unusual spike in API usage. The attacker had used the leaked token to reach the site-admin dashboard of Sourcegraph.com and then, either directly or through an associated party, changed the privileges of the account they had created and used that elevated access to probe the company's systems.
According to Diego Comas, Sourcegraph's Head of Security, the token was committed in error to a pull request on July 14. The attacker used it to impersonate a user and, from there, reach the administrative console.
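The root cause was a credential committed to a pull request, so the check a practitioner wants here is one that runs on the diff before it is pushed or merged. As an added example (not code from the article or from Sourcegraph), the scanner below inspects only the lines a diff adds, first for tokens with a known prefix and then, as a fallback, for key-like assignments of long, high-entropy string literals. The "sgp_" prefix is the one Sourcegraph uses for its access tokens, but the exact length in that pattern, the ghp_ GitHub pattern, the entropy threshold, and the sample diff with its token value are assumptions constructed for this example.

```python
import math
import re
from dataclasses import dataclass

# Token formats here are assumptions for the example. "sgp_" is the prefix
# Sourcegraph uses for access tokens; the hex lengths are an approximation and
# are not taken from the article.
TOKEN_PATTERNS = {
    "sourcegraph_access_token": re.compile(r"\bsgp_(?:[a-f0-9]{16}_)?[a-f0-9]{40}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}

# Fallback for secrets without a known prefix: a key-like name assigned a
# long string literal whose characters look random.
ASSIGNMENT = re.compile(
    r"""(?i)(token|secret|password|api[_-]?key)\w*\s*[=:]\s*['"]([^'"]{20,})['"]"""
)
ENTROPY_THRESHOLD = 3.5  # bits per character; tune to your own code base


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int   # line number within the diff text, not the source file
    secret: str    # the matched literal, reported so it can be rotated


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_diff(diff_text: str) -> list:
    """Report secrets on lines the diff ADDS; removed and context lines are skipped."""
    findings = []
    for line_no, line in enumerate(diff_text.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # "+++ b/file" is the file header, not an added line
        body = line[1:]
        matched = set()
        for kind, pattern in TOKEN_PATTERNS.items():
            for m in pattern.finditer(body):
                findings.append(Finding(kind, line_no, m.group(0)))
                matched.add(m.group(0))
        for m in ASSIGNMENT.finditer(body):
            value = m.group(2)
            if value in matched:
                continue  # already reported under its known prefix
            if shannon_entropy(value) >= ENTROPY_THRESHOLD:
                findings.append(Finding("high_entropy_literal", line_no, value))
    return findings


# Constructed sample diff; the token value is made up and is not a real token.
SAMPLE_DIFF = """\
diff --git a/client/config.ts b/client/config.ts
--- a/client/config.ts
+++ b/client/config.ts
@@ -1,2 +1,5 @@
 export const endpoint = "https://sourcegraph.com";
-export const accessToken = process.env.SRC_ACCESS_TOKEN;
+// TODO remove before merge
+export const accessToken = "sgp_0123456789abcdef0123456789abcdef01234567";
+export const apiKey = "Zq8vT3mP1xLw9Kc4Ry7sNb2Hf6Gd0JeA";
+export const dbPassword = "changeme-changeme-changeme";
"""

if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f.line_no}: {f.kind}: {f.secret}")
```

The placeholder password on the last added line is deliberately left unflagged: it is long but low-entropy, which is the trade-off of the fallback rule. Two caveats follow from the incident itself. A scanner only knows the formats it is given, so new token prefixes must be added as vendors introduce them, and a token that has already been pushed, even to a branch that is later cleaned up, has to be treated as leaked and rotated at once; in this case the token sat exposed for six weeks before it was used, which no amount of scanning after the fact would have fixed.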
The attacker then built a proxy app that let its users call Sourcegraph's APIs directly and use the underlying LLM. Those users were instructed to create free Sourcegraph.com accounts, generate access tokens, and then ask the attacker, who held site-admin privileges, to raise their API rate limits substantially.
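The breach surfaced as an API usage spike, and the abuse itself ran through an admin account granting oversized rate limits to freshly created accounts. As an added example, not code from the article or from Sourcegraph, the script below runs three detection rules over constructed audit and usage data (the event schema, account names, thresholds and counts are all assumptions made for this example): every grant of site-admin rights is alerted on; an actor raising a limit tenfold, or tuning limits for more than two accounts within an hour, is alerted on; and any account whose latest hourly request count is ten times its own median is flagged, with accounts that trip both the rate-limit and the usage rule reported as the highest priority.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

# Constructed sample data for this example; neither the event schema nor the
# values come from Sourcegraph's logs or from the article.
AUDIT_EVENTS = [
    {"ts": "2023-08-28T09:02:11Z", "type": "site_admin_granted",
     "actor": "leaked-token-user", "target": "new-admin"},
    {"ts": "2023-08-28T10:15:00Z", "type": "rate_limit_changed",
     "actor": "new-admin", "target": "free-101", "old": 50, "new": 50000},
    {"ts": "2023-08-28T10:16:30Z", "type": "rate_limit_changed",
     "actor": "new-admin", "target": "free-102", "old": 50, "new": 50000},
    {"ts": "2023-08-28T10:17:05Z", "type": "rate_limit_changed",
     "actor": "new-admin", "target": "free-103", "old": 50, "new": 50000},
    {"ts": "2023-08-28T14:00:00Z", "type": "rate_limit_changed",
     "actor": "support-eng", "target": "enterprise-9", "old": 1000, "new": 2000},
]

# Requests per hour per account over the last six hours, oldest first.
API_USAGE = {
    "free-101": [12, 9, 15, 11, 4800, 9100],
    "free-102": [0, 3, 2, 1, 3900, 7600],
    "free-103": [5, 5, 6, 4, 4, 5],
    "enterprise-9": [800, 760, 910, 850, 1500, 1800],
}

WINDOW = timedelta(hours=1)
MAX_TARGETS_PER_WINDOW = 2  # more distinct accounts than this per actor per hour
MAX_RAISE_FACTOR = 10       # one change multiplying a limit by this much is suspect
SPIKE_FACTOR = 10           # latest hour versus the account's own median
SPIKE_FLOOR = 100           # ignore spikes below this absolute count


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def admin_grant_alerts(events):
    """Every new site-admin grant is rare enough to review individually."""
    return [f"site-admin granted to {e['target']} by {e['actor']} at {e['ts']}"
            for e in events if e["type"] == "site_admin_granted"]


def rate_limit_alerts(events):
    """Flag huge single raises and actors tuning many accounts in a short window."""
    alerts = []
    changes = sorted((e for e in events if e["type"] == "rate_limit_changed"),
                     key=lambda e: parse_ts(e["ts"]))
    by_actor = defaultdict(list)
    for e in changes:
        # A limit raised from zero is treated as an unbounded increase.
        factor = e["new"] / e["old"] if e["old"] else float("inf")
        if factor >= MAX_RAISE_FACTOR:
            alerts.append(f"{e['actor']} raised {e['target']} limit {e['old']} -> {e['new']}")
        by_actor[e["actor"]].append(e)
    for actor, evs in by_actor.items():
        for i, e in enumerate(evs):  # sliding window starting at each change
            start = parse_ts(e["ts"])
            targets = {x["target"] for x in evs[i:] if parse_ts(x["ts"]) - start <= WINDOW}
            if len(targets) > MAX_TARGETS_PER_WINDOW:
                alerts.append(f"{actor} changed limits for {len(targets)} accounts within {WINDOW}")
                break
    return alerts


def usage_spike_alerts(usage):
    """Compare each account's latest hour with the median of its earlier hours."""
    alerts = []
    for account, counts in usage.items():
        if len(counts) < 2:
            continue
        *history, latest = counts
        baseline = max(median(history), 1)  # avoid dividing by a zero baseline
        if latest >= SPIKE_FLOOR and latest / baseline >= SPIKE_FACTOR:
            alerts.append(f"{account}: {latest} req/h vs median {baseline:g}")
    return alerts


def correlate(events, usage):
    """Highest priority: accounts whose limit was raised AND whose usage then spiked."""
    raised = {e["target"] for e in events
              if e["type"] == "rate_limit_changed" and e["new"] > e["old"]}
    spiked = {a.split(":")[0] for a in usage_spike_alerts(usage)}
    return sorted(raised & spiked)


if __name__ == "__main__":
    for a in admin_grant_alerts(AUDIT_EVENTS) + rate_limit_alerts(AUDIT_EVENTS) \
            + usage_spike_alerts(API_USAGE):
        print("ALERT:", a)
    print("raised limit and spiked:", correlate(AUDIT_EVENTS, API_USAGE))
```

The usage rule compares each account with its own history rather than with a global threshold, so a large enterprise tenant doubling its normal traffic does not fire while a free account going from a dozen requests an hour to thousands does. The correlation step is what turns two medium-confidence signals into one that is worth paging on: a rate-limit change on its own is routine support work, and a traffic spike on its own may be a legitimate new integration.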
The incident exposed some customer data: names, email addresses, and license keys.
Private code, passwords, and other personally identifiable information were not exposed, and, according to Comas, there is no evidence that personal data was modified or copied.
Sourcegraph responded by deactivating the malicious site-admin account, temporarily reducing API rate limits for free community users, and rotating the license keys that may have been exposed.
Sourcegraph, serving over 1.8 million software engineers globally, maintains a clientele that includes prominent organizations such as Uber, F5, Dropbox, Lyft, and Yelp. The breach serves as a reminder of the importance of robust security measures and vigilance to protect valuable data from unauthorized access.