Security News > 2024 > March > 90% of exposed secrets on GitHub remain active for at least five days

90% of exposed secrets on GitHub remain active for at least five days
2024-03-15 05:30

12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian.

Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.

In 2023 alone, over 1 million valid occurrences of Google API secrets, 250,000 Google Cloud secrets, and 140,000 AWS secrets were detected.

The research sheds light on an important security gap: upon discovering an exposed valid secret, 90% remain active for at least five days, even after the author is notified.

In support of this, the study found that in 2023, 12.4% of the 2,050 repositories taken down by GitHub exposed at least one secret, representing a 37.8% increase from 2020.

This year, GitGuardian expanded its investigation into the pervasiveness of leaked secrets within PyPI. In 2023, 11,054 unique secrets were exposed in package releases.


News URL

https://www.helpnetsecurity.com/2024/03/15/github-sensitive-information-exposure/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90