Cybersecurity experts at GitGuardian report that GitHub users inadvertently exposed more than 12.8 million authentication and other sensitive secrets across 3 million public repositories in 2023. Despite being notified, only a small percentage of affected users acted on the warning: a mere 1.8% responded promptly to correct the exposure. The leaked secrets ranged from account passwords and API keys to TLS/SSL certificates and encryption keys, exposing their owners to data breaches and financial damage. A 2023 Sophos report underscored the severity of compromised credentials, identifying them as the root cause of 50% of recorded attacks in the first half of the year.
GitGuardian notes a concerning trend in secret exposure on GitHub, the world’s leading code hosting and collaboration platform, that has persisted since 2020. The “leakiest” countries in 2023 included India, the United States, Brazil, China and France, among others; the IT sector was the primary source of secret leaks, followed by education. Despite efforts to address the issue, a significant share of exposed secrets remained valid even five days later, highlighting the persistent security challenges GitHub users face.
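The report describes the problem but not how a team catches such secrets before they reach a public repository. The following is an added example, not code from GitGuardian or from the article, of the kind of check a pre-push hook or CI job runs over a `git diff`: a few fixed-format rules for well-known credential shapes, a keyword rule for assignments to names like `PASSWORD` or `TOKEN`, and a Shannon-entropy fallback for random-looking quoted strings. The sample diff, the rule set, the `3.5`-bit entropy threshold and the `AKIA`/`ghp_` prefix patterns are constructed, simplified illustrations, not GitGuardian's detectors; none of the values are real secrets.

```python
import math
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines as they might appear in the output of `git diff`
# for a commit about to be pushed. Every value below is fake.
SAMPLE_DIFF = """\
+AWS_ACCESS_KEY_ID = "AKIAEXAMPLEKEY0000AB"
+GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
+LOG_LEVEL = "debug"
+# the password is read from the environment at runtime
+DB_PASSWORD = "hunter2"
-BUILD_ID = "2023-11-04"
+-----BEGIN RSA PRIVATE KEY-----
"""

# Fixed-format rules, most specific first. A line reports only its first match.
# These are simplified illustrative patterns (assumed here), not a vendor rule set.
RULES: List[Tuple[str, re.Pattern]] = [
    ("aws-access-key-id", re.compile(r"AKIA[0-9A-Z]{16}")),
    ("github-pat", re.compile(r"ghp_[A-Za-z0-9]{36}")),
    ("private-key-block", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    # Assignment of a secret-sounding name to a quoted literal of 6+ chars;
    # group(1) captures the literal so it can be redacted in the report.
    ("keyword-assignment", re.compile(
        r"(?i)(?:password|passwd|secret|token|api[_-]?key)\w*\s*[=:]\s*[\"']([^\"']{6,})[\"']")),
]

# Fallback: any quoted base64/hex-ish literal of 20+ chars is checked for entropy.
QUOTED_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/=_\-]{20,})[\"']")
ENTROPY_THRESHOLD_BITS = 3.5  # assumed tuning value; raise it to cut false positives


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; ~0 for repeated chars, log2(len) if all distinct."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def redact(value: str) -> str:
    """Keep only a 4-char prefix so the scanner's own report never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 4) if len(value) > 4 else "****"


def match_rules(line: str) -> Optional[Tuple[str, str]]:
    """Return (rule name, matched value) for the first fixed-format rule that fires."""
    for name, pattern in RULES:
        m = pattern.search(line)
        if m:
            value = m.group(1) if m.groups() else m.group(0)
            return name, value
    return None


def high_entropy_string(line: str, threshold: float = ENTROPY_THRESHOLD_BITS) -> Optional[Tuple[str, str]]:
    """Return the first quoted literal whose entropy reaches the threshold."""
    for m in QUOTED_LITERAL.finditer(line):
        if shannon_entropy(m.group(1)) >= threshold:
            return "high-entropy-string", m.group(1)
    return None


def scan_diff(diff_text: str) -> List[Dict[str, object]]:
    """Scan only added ('+') lines of a unified diff; removed lines cannot introduce a secret."""
    findings: List[Dict[str, object]] = []
    for lineno, raw in enumerate(diff_text.splitlines(), 1):
        if not raw.startswith("+") or raw.startswith("+++"):
            continue
        line = raw[1:]
        hit = match_rules(line) or high_entropy_string(line)
        if hit:
            rule, value = hit
            findings.append({"line": lineno, "rule": rule, "redacted": redact(value)})
    return findings


if __name__ == "__main__":
    for f in scan_diff(SAMPLE_DIFF):
        print(f"line {f['line']}: {f['rule']} ({f['redacted']})")
```

Run against the constructed diff, the scanner flags lines 1, 2, 5 and 7 and ignores the removed `BUILD_ID` line, the comment that merely mentions a password, and the low-entropy `debug` literal. In a real hook the exit status would block the push, and any finding that turns out to be genuine still has to be treated as compromised and rotated, since, as the report notes, a leaked secret that is deleted from the repository stays valid until it is revoked.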