Hashed and salted passwords of customers were exfiltrated thanks to a stolen GitHub integration OAuth token.
