90% of exposed secrets on GitHub remain active for at least five days
12.8 million new occurrences of secrets were leaked publicly on GitHub in 2023, a 28% increase compared to 2022, according to GitGuardian.
Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.
In 2023 alone, over 1 million valid occurrences of Google API secrets, 250,000 Google Cloud secrets, and 140,000 AWS secrets were detected.
The research sheds light on an important security gap: 90% of exposed valid secrets remain active for at least five days after being discovered, even after the author is notified.
In support of this, the study found that in 2023, 12.4% of the 2,050 repositories taken down by GitHub exposed at least one secret, representing a 37.8% increase from 2020.
This year, GitGuardian expanded its investigation into the pervasiveness of leaked secrets within PyPI. In 2023, 11,054 unique secrets were exposed in package releases.
News URL
https://www.helpnetsecurity.com/2024/03/15/github-sensitive-information-exposure/