Threat Watch

Over 100,000 GitHub Repositories Exposing API Tokens & Cryptographic Keys

Researchers examined text strings of 15 different API token formats as well as four cryptography key formats. These token formats came from 15 separate services provided by 11 companies. Popular companies like Google, Amazon, and Twitter were found using these formats. The GitHub files were scanned from October 31st, 2017 until April 20th, 2018. It was found that the total of the API’s and cryptographic keys was 575,456 and they were spread out of 100,000 repositories. A single owner account is responsible for 93 percent of the files. More than 7,000 RSA keys were found within OpenVPN files. The majority of the users did not use passwords authentication; instead they relied on these RSA keys. Attackers could possibly use these keys to gain access to private networks. “We have discussed the results with GitHub. They initiated an internal project to detect and notify developers about leaked secrets right around the time we were wrapping up our study. This project was publicly acknowledged in October 2018,” said researchers.


This is a reminder for users to check their repositories and make sure they are not storing sensitive information within them. If there is information that they would not want being publicly released they should make sure the information is altered or changed.