"Over 12 Million Auth Secrets and Keys Leaked on GitHub in 2023"

According to cybersecurity researchers at GitGuardian, GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in more than 3 million public repositories in 2023, with most still valid after five days. GitGuardian sent out 1.8 million complimentary email alerts to those who exposed secrets, with only 1.8 percent of those contacted taking prompt action to address the issue. Account passwords, Application Programming Interface (API) keys, TLS/SSL certificates, encryption keys, cloud service credentials, OAuth tokens, and other sensitive data have been exposed, potentially giving external actors unlimited access to different private resources and services. This article continues to discuss key findings regarding the state of "secrets sprawl."

Bleeping Computer reports "Over 12 Million Auth Secrets and Keys Leaked on GitHub in 2023"

Submitted by grigby1