How corporate data and secrets leak from GitHub repositories

How corporate data and secrets leak from GitHub repositories

One boring day during the pandemic, security researcher Craig Hays decided to do an experiment. He wanted to leak an SSH username and password into a GitHub repository and see if any attacker might find it. Hays thought he'd have to wait a few days, maybe a week, before anyone noticed it. Reality proved more brutal. The first unauthorized login happened within 34 minutes. "The biggest eye-opener for me was how quickly it was exploited," he tells CSO.

[ Check out this checklist for minimizing damage from a data breach. | Get the latest from CSO by signing up for our newsletters. ]

To read this article in full, please click here



Support the originator by clicking the read the rest link below.