Authentication keys, TLS/SSL certificates, OAuth tokens, cloud service credentials, and other secrets leaked on GitHub reached 12.8 million last year, continuing the trend of an ever-increasing volume of exposed secrets across the major code hosting and collaboration platform since 2020, according to BleepingComputer.
Such secrets have been shared across more than 3 million public GitHub repositories, most of which had a validity exceeding five days, a report from GitGuardian revealed. India was the primary source of leaked secrets, followed by the U.S., Brazil, China, and France, while the IT sector had the highest secret exposures, with the education industry being a far second. Moreover, Google API keys, MongoDB credentials, OpenWeatherMap tokens, Telegrambot Bot tokens, and Google Cloud keys were the most prevalently shared secrets. Generative artificial intelligence technologies have also brought about an increase in secret exposure, with the volume of exposed OpenAI API keys rising by 1,212 times over 2022, researchers reported.