It takes hackers 1 minute to find and abuse credentials exposed on GitHub

Paul Bischoff reports on an issue and Jelle Ursem recently reported on: data being exposed because of code left in public repositories on GitHub (see our report about exposed protected health information in No Need to Hack When It’s Leaking). Bischoff writes that Comparitech researchers sought to find out how long it took hackers to find exposed data and then what they did with it, so Comparitech

 researchers created multiple accounts on Amazon Web Services (AWS) and GitHub. They then published user credentials such as AWS IDs and secret keys in public GitHub repositories. Using the AWS CloudTrail service, they then watched and logged attackers who used the credentials to access our AWS servers.

Read the results of their research on Comparitech.

About the author: Dissent

Comments are closed.