Security News > 2022 > March > Adafruit suffers GitHub data breach – don’t let this happen to you

Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data.

The inadvertent disclosure involved an auditing data set used for employee training becoming public, on a GitHub repository associated with an inactive former employee's account who was learning data analysis.

From the report, it sounds as though the results of the forensic analysis were inconclusive - the company wasn't able to specify with certainty whether the data was accessed or not, but it did comment: "[W]e are unaware of any actual misuse of the information".

If phishing criminals do have access to actual names, addresses and order details from a company database breach, then their fraudulent emails can be made even more believable by including genuine historical data as believable but bogus "Proof" that their scam warnings are real.

Numerous tools exist both for redacting genuine data so that it reflects reality without revealing personal details, and for generating realistic but artificial data that is suitable for training.

Especially don't upload it to personal cloud accounts, such as GitHub storage - even if your motivations are honest and your intentions impeccable - where the company can't fulfil its own data protection obligations, and can't reliably revoke your access to it if you leave.

News URL

https://nakedsecurity.sophos.com/2022/03/07/adafruit-suffers-github-data-breach-dont-let-this-happen-to-you/