Millions of GitHub users are putting themselves and their organizations at risk by accidentally exposing sensitive data in public repositories.
A security firm called GitGuardian analyzed activity on GitHub in 2023 and found a shocking trend: over 12 million secret codes and login credentials were left out in the open. This included passwords, encryption keys, and access codes for cloud services.
These exposed secrets could be used by hackers to steal data, hijack accounts, or launch other attacks. The report says that a tiny fraction of users fixed the problem after being notified.
This isn’t a new issue, and it’s getting worse. GitGuardian says the number of leaked secrets they found on GitHub has been rising since 2020. The good news is that GitHub recently added a new feature to help prevent these accidents.
Let’s be clear: this is a wake-up call for GitHub users. Make sure you understand how to securely store sensitive data and take advantage of the new safeguards offered by GitHub.