Over two million corporate secrets detected on public GitHub in 2020
GitGuardian announced the results of its 2021 State of Secrets Sprawl on GitHub report. The report, which is based on GitGuardian’s constant monitoring of every single commit pushed to public GitHub, indicates an alarming growth of 20% year-over-year in the number of secrets found. A growing volume of sensitive data, or secrets, such as API keys, private keys, certificates, usernames and passwords, ends up publicly exposed on GitHub, putting corporate security at risk, as the vast majority of organizations are either ignoring the problem or poorly equipped to cope with it.
According to the report, 12% of leaks on GitHub occur within public repositories owned by organizations and 85% of the leaks occur on developers’ personal repositories. Secrets present in all these repositories can be either personal or corporate, and this is where the risk lies for organizations: some of their corporate secrets are exposed publicly through their current or former developers’ personal repositories.