Why is "secret" leaking a problem?
Developers today rely on the integration of multiple services to offer essential features to clients. To integrate these, developers handle incredibly sensitive “secrets”, such as login details, API keys, and private cryptographic keys, which are used to protect confidential systems and data including payment systems, servers and intellectual property.
To build and refine the code needed to make such integrations work, more than 40 million developers and almost 3 million businesses and organisations worldwide use GitHub, a public platform that lets developers share and collaboratively work on coding projects. The collaborative nature of this platform can also lead to “secret leakage”, in which developers unwittingly expose sensitive company credentials to the public via their code repositories.
GitGuardian’s systems detect thousands of credential leaks per day. While some breaches are relatively low impact, many are of a highly critical nature and may put companies at significant risk, potentially giving hackers access to entire systems and classified databases.
In recent years, such breaches have led to billions of dollars wiped off company valuations and millions being paid in settlement costs and fines.
In 2019, half of company data breaches were found to be the result of account or credential hacking – higher than any other attack method among firms using cloud-based services.