In 2023, a significant number of authentication keys, TLS/SSL certificates [1] [2] [3] [6] [7], OAuth tokens [1] [3] [6] [7], cloud service credentials [1] [3] [6] [7], and other secrets were inadvertently exposed on public GitHub repositories, impacting millions of repositories worldwide.

Description

A total of 12.8 million secrets were leaked, affecting over 3 million repositories [2] [7]. India [1] [2] [3] [6] [7], the United States [1] [2] [3], Brazil [1] [2] [3] [6] [7], China [1] [3] [6] [7], and France were the most affected countries. The IT sector accounted for the majority of exposed secrets, with Google API keys [2] [5] [7], MongoDB credentials [2] [5] [7], OpenWeatherMap tokens [5] [7], Telegram Bot tokens [5] [7], and Google Cloud keys being the most commonly leaked [7]. OpenAI API keys saw a substantial increase in exposure compared to the previous year.

Despite notification efforts, only a small percentage of exposed secrets were revoked or removed by developers. Companies such as Riot Games, GitHub [1] [2] [3] [4] [5] [6] [7], OpenAI [1] [2] [3] [4] [6] [7], and AWS demonstrated effective response mechanisms. Compromised credentials were identified as the primary cause of half of the attacks in the first half of 2023.

The leakiest countries included India [2] [6], the United States [1] [2] [3], Brazil [1] [2] [3] [6] [7], China [1] [3] [6] [7], France [1] [3] [6] [7], Canada [1] [3] [6], Vietnam [6], Indonesia [6], South Korea [6], and Germany [6]. A concerning trend was the persistence of “zombie leaks,” with the majority of exposed secrets remaining active days after the initial leak. GitHub implemented push protection by default to prevent accidental exposure of secrets [6].

Conclusion

The inadvertent exposure of sensitive information highlights the importance of robust security measures and prompt response to breaches. Developers and organizations must prioritize the protection of credentials to prevent unauthorized access and potential cyberattacks. Continued vigilance and proactive measures are essential to safeguard data and maintain the integrity of digital systems in the face of evolving threats.

References

[1] https://telegraph247.com/tech/millions-of-secrets-and-authentication-keys-were-leaked-on-github-last-year/
[2] https://www.redpacketsecurity.com/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/
[3] https://www.techradar.com/pro/security/millions-of-secrets-and-auth-keys-were-leaked-on-github-last-year
[4] https://securityboulevard.com/2024/03/the-state-of-secrets-sprawl-2024/
[5] https://www.infosecurity-magazine.com/news/13-million-secrets-public-github/
[6] https://news.cloudsek.com/2024/03/github-users-expose-over-12-million-sensitive-secrets-in-2023-india-usa-and-brazil-lead-as-hotspots/
[7] https://www.scmagazine.com/brief/github-secrets-exposure-on-the-rise