NoahZuniga 2 days ago
I find it hard to believe that they could have made $25k with this. There are companies that scan all commits on gh for secrets, using similar techniques for finding secrets in files.
Sayrus 2 days ago
"70% of secrets leaked in 2022 remain valid today"[1] is a quote that should help understand the situation.
[1] https://blog.gitguardian.com/the-state-of-secrets-sprawl-202...
xarope 2 days ago
This is specifically deleted commits, which, even if they are deleted locally, are not deleted on GH, hence why he was able to find deleted .envs etc.
bashwizard a day ago
I'm surprised that it's not more. A couple of years ago I spent a few months basically GitHub dorking for leaked API keys and made more than that.
wordofx 2 days ago
Congrats on commenting without reading the article.