
This seems implausibly high. Is it including stuff like putting password=replaceme in an example config file?


Well, ever since GitHub switched from password auth to token-only, it's been impractical to do anything but copy-paste the token from somewhere and have it cached/stored, instead of typing it in from memory every time like one could do with passwords. Probably one of the worst security decisions I've ever seen, reducing GitHub security to the same kind of level as those corporate directives that require switching your password every month, so it just gets kept on a post-it on the machine lol.

No surprise that they get leaked all the time now, though at least one can cancel them at any point... and then you have to spend an hour or two replacing the cached version everywhere.
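As an added example (not code from this thread, from GitHub, or from GitGuardian), the following Python scanner shows how the distinction raised in the first comment could be drawn, placeholder values such as password=replaceme versus values that look like real secrets, and also flags the prefixed format GitHub uses for personal access tokens, the kind of token the comment above describes copying into caches. The sample lines are constructed for the example; the token length in the pattern, the entropy threshold and the placeholder word list are assumptions, not GitHub's or GitGuardian's published rules.

```python
import math
import re
from collections import Counter

# Constructed sample lines for this example; none come from a real repository.
SAMPLE_LINES = [
    "password=replaceme",                                   # placeholder
    "DB_PASSWORD=changeme",                                 # placeholder
    'aws_secret_access_key = "<your-secret-here>"',         # placeholder
    "GITHUB_TOKEN=ghp_Q4xK9vL2mN8pR1sT6uW3yZ0aB5cD7eF9gH2j",  # known token format
    "api_key=4f8a1c2e9b7d3a6f5e0c1b2a3d4e5f6a",             # looks like a real secret
    "password=hunter2",                                     # assigned, but weak/short
    "timeout=30",                                           # not a credential at all
]

# Assumed placeholder vocabulary; a production rule set would be much larger.
PLACEHOLDER_WORDS = {
    "replaceme", "changeme", "password", "secret", "example", "xxx", "xxxx",
    "todo", "fixme", "none", "null", "dummy", "test",
}
# Template-looking values: <angle>, ${shell}, {{jinja}}, __MARKER__, your-*, my-*.
PLACEHOLDER_RE = re.compile(
    r"^(<[^>]*>|\$\{[^}]*\}|\{\{[^}]*\}\}|__[A-Z_]+__|your[-_]?.*|my[-_]?.*)$", re.I
)
# key=value / key: value pairs whose key name suggests a credential.
KEY_RE = re.compile(
    r"(?i)(password|passwd|pwd|secret|token|api[_-]?key|access[_-]?key)"
    r"\s*[=:]\s*['\"]?([^'\"\s]+)"
)
# GitHub token prefixes (ghp_, gho_, ghu_, ghs_, ghr_, github_pat_) are public;
# the 36-character body length is an assumption for this example.
GITHUB_TOKEN_RE = re.compile(
    r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b|\bgithub_pat_[A-Za-z0-9_]{22,}\b"
)
MIN_SECRET_LEN = 16       # assumption: shorter values are rarely machine-generated
ENTROPY_THRESHOLD = 3.5   # assumption: bits per character, tuned on the sample


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of the value (0.0 for an empty string)."""
    if not value:
        return 0.0
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in Counter(value).values())


def is_placeholder(value: str) -> bool:
    """True when the value is a documentation placeholder rather than a secret."""
    return value.lower() in PLACEHOLDER_WORDS or bool(PLACEHOLDER_RE.match(value))


def classify(line: str) -> str:
    """Return one of: none, placeholder, known_format, high_entropy, low_entropy."""
    if GITHUB_TOKEN_RE.search(line):
        return "known_format"          # structured token: no entropy check needed
    m = KEY_RE.search(line)
    if not m:
        return "none"                  # no credential-looking key in the line
    value = m.group(2)
    if is_placeholder(value):
        return "placeholder"           # example config, not a leak
    if len(value) >= MIN_SECRET_LEN and shannon_entropy(value) >= ENTROPY_THRESHOLD:
        return "high_entropy"          # random-looking: treat as a real secret
    return "low_entropy"               # human-chosen value: still worth a look


def summarize(lines) -> dict:
    """Count lines per classification, which is what an audit figure should report."""
    return dict(Counter(classify(line) for line in lines))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(f"{classify(line):13s} {line}")
    print(summarize(SAMPLE_LINES))
```

The point of separating "placeholder" from "high_entropy" and "known_format" is that a headline count which lumps them together answers the question in the first comment with a yes; a count that reports only the latter two is the figure worth being alarmed about.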


If the numbers look suspicious to you, I would suggest you check what is found more specifically about your company/organization.

GitGuardian can provide an automatic audit of your company-specific leaks we found on GitHub. Just ask: https://www.gitguardian.com/complimentary-audit-secrets-leak...

More details on how it works: https://blog.gitguardian.com/github-secrets-leak-free-audit/



