One boring day during the pandemic, security researcher Craig Hays decided to do an experiment. He wanted to leak an SSH username and password into a GitHub repository and see if any attacker might find it. Hays thought he'd have to wait a few days, maybe a week, before anyone noticed it. Reality proved more brutal. The first unauthorized login happened within 34 minutes. "The biggest eye-opener for me was how quickly it was exploited," he tells CSO.
[ Check out this checklist for minimizing damage from a data breach. | Get the latest from CSO by signing up for our newsletters. ]
To read this article in full, please click here
Support the originator by clicking the read the rest link below.