The cybersecurity experts over at GitGuardian sent out 1.8 million emails to people alerting them about secrets they may have exposed on GitHub in 2023. This came after 12.8 million authentication tokens and secrets were leaked on GitHub over the course of the year, and according to a report by Sophos, 50% of the attacks in the first half of 2023 were caused by compromised credentials.
The leaked data was highly sensitive. It included authentication keys, account passwords, API keys, security certifications, and encryption keys, among many other types of data. Such a leak is dangerous because it could lead to massive financial losses down the line.
Despite this, only 1.8% of the people who received the email from GitGuardian went on to rectify the error they had made. Considering that 91.6% of these tokens were valid for up to 5 days after they were leaked, this has the potential to cause widespread fraud as well.
The trend in GitHub leaks has been going up in the past few years. The number has more than doubled since 2021, when around 6 million instances of leaks were noted. It’s also essential to analyze which countries these leaks are coming from.
India had the dubious honor of coming out on top in this list, followed by the US, with Brazil coming in third. 65.9% of the data pertained to the IT sector, with education comprising 20.1% and various other sectors combined representing just 14% of the total. This indicates that the IT industry is at great risk due to these leaks, and the combination of a lack of remedial action and extended token validity might be to blame, apart from the leaks themselves.