Unauthorized access to dozens of private repositories including 'npm' occurred on GitHub, what is the damage situation and countermeasures?

It was revealed that OAuth access tokens were leaked from the developer services ' Heroku ' and ' Travis CI ' used in cooperation with GitHub. GitHub has announced that the leak of access tokens has compromised dozens of private repositories, including the Node.js package management system npm .

Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/

Incident 2413 | Heroku Status
https://status.heroku.com/incidents/2413

The GitHub security team discovered unauthorized access to npm's private repository on April 12, 2022. As a result of investigating the cause of unauthorized access, access tokens to private repositories on GitHub have been leaked from the cloud platform for application development 'Heroku' and the automated test execution service 'Travis CI', and private repositories of dozens of organizations have been leaked. It turns out that you are suffering from unauthorized access.

According to GitHub, the two main damages to the npm project are 'unauthorized access and download to npm's private repository' and 'access to the npm package that exists on the storage service Amazon S3 ', and package changes and users. Access to the account has not been confirmed. GitHub has revoked the access token that was thought to have been leaked as a response to the damage, and is proceeding with the investigation in collaboration with Heroku and Travis CI.

Also, according to a statement released by Heroku, unauthorized downloads of GitHub private repositories managed by Heroku occurred on April 9, 2022. Heroku has revoked all existing access tokens by April 17, 2022 and has stopped issuing new access tokens.

Due to the expiration of access tokens and suspension of new issuance by Heroku, it is impossible to link Heroku and GitHub at the time of article creation. Heroku requires users to use services other than GitHub or deploy using Git until the issue is resolved. Please refer to the 'Disconnecting from GitHub' section on the following page for how to disconnect Heroku and GitHub.

GitHub Integration (Heroku GitHub Deploys) | Heroku Dev Center
https://devcenter.heroku.com/articles/github-integration

In addition, GitHub and Heroku encourage users to check their security logs to see if they have been compromised. If you are an individual user, you can check the security log by referring to the following documents.

Reviewing your security log --GitHub Docs
https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/reviewing-your-security-log

If you are using GitHub in your organization, you can check the log by referring to the following documents.

Reviewing the audit log for your organization --GitHub Docs
https://docs.github.com/en/organizations/keeping-your-organization-secure/managing-security-settings-for-your-organization/reviewing-the-audit-log-for-your-organization