GitHub repos exposed API tokens and cryptographic keys
A recent research study by academics at North Carolina State University (NCSU) has revealed that a few repos from GitHub had been leaking API tokens and cryptographic keys. The study analyzed more than a billion GitHub files spread across millions of repositories. The three-member team specifically looked for text strings containing API tokens or cryptographic keys in different formats.
The team searched for text strings in 15 different API token formats and four cryptographic key formats. The API token formats came from 15 services belonging to 11 companies; Google, Amazon, and Twitter were among the popular companies whose token formats were included. A total of 575,456 API and cryptographic keys were found, spread across more than a hundred thousand repos. 93 percent of these files came from a single-owner account. There were, however, some minor overlaps between scanned GitHub files, the researchers said.
Apart from finding API tokens and cryptographic keys, the researchers also found almost 7,000 RSA keys inside OpenVPN config files. Their analysis showed that most users turned off password authentication and relied on these RSA keys for authorization. Attackers could therefore use these keys to infiltrate thousands of private networks.
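As an added example (not code from the study or this article), here is a minimal Python check a repository owner could run over files before committing, looking for the kinds of strings described above. The two token patterns (publicly documented key prefixes) and the use of the `auth-user-pass` directive as the sign of password authentication are assumptions, since the article does not give the researchers' exact patterns; all sample inputs are constructed.

```python
import re

# Assumed patterns: publicly documented key prefixes, not the study's own list.
TOKEN_PATTERNS = {
    "aws_access_key_id": re.compile(r"(?<![0-9A-Za-z])AKIA[0-9A-Z]{16}(?![0-9A-Za-z])"),
    "google_api_key": re.compile(r"(?<![\w-])AIza[\w-]{35}(?![\w-])"),
}
PEM_PRIVATE_KEY = re.compile(
    r"-----BEGIN (RSA |EC |OPENSSH |)PRIVATE KEY-----.*?-----END \1PRIVATE KEY-----",
    re.DOTALL,
)
OVPN_INLINE_KEY = re.compile(r"<key>(.*?)</key>", re.DOTALL)
# Assumption: the auth-user-pass directive marks password authentication.
OVPN_PASSWORD_AUTH = re.compile(r"^\s*auth-user-pass\b", re.MULTILINE)


def scan_text(path, text):
    """Return (path, finding, detail) tuples for one file's contents."""
    findings = []
    for name, pattern in TOKEN_PATTERNS.items():
        for m in pattern.finditer(text):
            # Keep only a short prefix so the report is not itself a leak.
            findings.append((path, name, m.group(0)[:8] + "..."))
    for m in PEM_PRIVATE_KEY.finditer(text):
        findings.append((path, "pem_private_key", m.group(1).strip() or "PKCS8"))
    if path.endswith((".ovpn", ".conf")):
        for m in OVPN_INLINE_KEY.finditer(text):
            if PEM_PRIVATE_KEY.search(m.group(1)):
                # Without password auth the committed key is the only credential.
                has_pw = OVPN_PASSWORD_AUTH.search(text)
                mode = "with password auth" if has_pw else "key-only auth"
                findings.append((path, "openvpn_inline_key", mode))
    return findings


# Constructed samples: the key body is filler, the AWS value is a non-working placeholder.
SAMPLE_OVPN = """client
remote vpn.example.com 1194
<key>
-----BEGIN RSA PRIVATE KEY-----
CONSTRUCTEDnotARealKeyCONSTRUCTED
-----END RSA PRIVATE KEY-----
</key>
"""
SAMPLE_SETTINGS = 'aws_key = "AKIAIOSFODNN7EXAMPLE"\n'

if __name__ == "__main__":
    for finding in scan_text("client.ovpn", SAMPLE_OVPN) + scan_text("settings.py", SAMPLE_SETTINGS):
        print(finding)
```

Any hit on a file already pushed means the credential should be revoked and reissued, since removing it in a later commit leaves it in the repository history.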