GitHub has been scanning source code for API tokens for some time now. The troubling part is that they have found one billion tokens in the collective source code. What is good about it is that GitHub's partners get notified, so the exposed tokens are removed from circulation, which prevents further break-ins. I have received one of these messages after stupid mistakes I have made, and they are very professional and not judgmental at all. It made me think about my software design and how I can make it more secure.
Keys are tied to users, which means that the developer or organization, not the hacker, could get into trouble. I would rather not have conversations with the authorities over something this simple to prevent.
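As an added illustration, not part of the original post and not GitHub's own scanning code, here is a small pre-commit style scanner in Python that shows the kind of check token scanning performs. It looks for two publicly documented token prefixes (`ghp_` for GitHub personal access tokens, `AKIA` for AWS access key IDs) and falls back to an entropy test on quoted literals assigned to secret-looking names. The choice of those two prefixes, the 3.5 bits-per-character threshold and the sample file are assumptions made for this example; the sample values are constructed and are not real credentials.

```python
"""Minimal secret scanner in the spirit of GitHub token scanning (added example)."""
import math
import re
import sys
from collections import Counter

# Well-known token prefixes. Publicly documented formats; picking just these two
# is an assumption for the example, not GitHub's partner list.
TOKEN_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[A-Z0-9]{16}\b"),
}

# Generic fallback: a secret-looking name assigned a quoted literal of 16+ chars.
ASSIGNMENT = re.compile(
    r"""(?i)(secret|token|api[_-]?key|password)\s*[=:]\s*['"]([^'"]{16,})['"]"""
)

# Constructed sample input; every value is made up and is not a real credential.
SAMPLE_SOURCE = """\
# constructed sample file
API_URL = "https://api.example.com/v1"
GITHUB_TOKEN = "ghp_0123456789abcdefghijklmnopqrstuvwxyz"
AWS_ACCESS_KEY_ID = "AKIAABCDEFGHIJKLMNOP"
db_password = "x7Gq!2pL9vRt4sWz0bNm"
password = "changemechangeme"
token = os.environ["API_TOKEN"]
"""


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking tokens score high, words and repeats low."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def mask(value: str) -> str:
    """Keep a short prefix so a finding is recognisable without re-leaking the secret."""
    return value[:4] + "*" * (len(value) - 4)


def scan_text(text: str, entropy_threshold: float = 3.5):
    """Return (line_no, kind, value) for each suspected secret in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        seen = set()
        for kind, pattern in TOKEN_PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((line_no, kind, m.group(0)))
                seen.add(m.group(0))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(2)
            # Skip values a specific pattern already reported, and low-entropy
            # literals such as placeholder passwords.
            if value in seen or shannon_entropy(value) < entropy_threshold:
                continue
            findings.append((line_no, "high_entropy_assignment", value))
    return findings


def main(paths):
    # With no paths given, scan the constructed sample so the script runs offline.
    if paths:
        sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in paths]
    else:
        sources = [("<sample>", SAMPLE_SOURCE)]
    total = 0
    for name, text in sources:
        for line_no, kind, value in scan_text(text):
            print(f"{name}:{line_no}: {kind}: {mask(value)}")
            total += 1
    # A non-zero exit status lets a git pre-commit hook block the commit.
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it with no arguments to scan the embedded sample, or with file paths from a pre-commit hook; the last sample line shows the habit that keeps keys out of the repository in the first place, reading them from the environment or a secret store rather than a literal. The scanner only reports a masked prefix so its own output cannot become a second leak, and a token that has already been pushed should be treated as exposed and rotated regardless of whether the commit is later rewritten.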
For more information on the program, click the link below.
GitHub Token Scanning—one billion tokens identified and five new partners