By: Orhan Yildirim
For millions of software and systems developers around the world, GitHub is THE hub for accessing, sharing and otherwise collaborating with other developers to build new digital products and services.
GitHub is an American company that provides hosting for software development version control using Git. It is a subsidiary of Microsoft, which acquired the company in 2018 for $7.5 billion.
It offers all of the distributed version control and source code management (SCM) functionality of Git while adding its own features, and provides access control and several collaboration features, including bug tracking, feature requests, task management, and wikis for every project.
Free GitHub accounts are commonly used to host open-source projects, and as of May 2019 the service reports having over 37 million users and more than 100 million repositories, including at least 28 million public repositories, making it the largest host of source code in the world.
On February 28, 2018, GitHub was the target of the largest distributed denial-of-service (DDoS) attack in history.
Earlier this year, researchers at North Carolina State University discovered many thousands of leaked secrets and credentials.
Researchers Michael Meli, Matthew McNiece and Bradley Reaves scanned billions of GitHub files as part of an academic study. They found that over 100,000 of the service’s code repositories contain exposed authentication secrets, such as cryptographic keys and API tokens, and that thousands more repositories leak new, unique secrets every day.
Researchers scanned nearly 13% of GitHub’s public repositories to collect this information.
In their scan, the researchers found 85,311 unique Google API keys, 37,781 unique RSA Private Keys and 47,814 unique Google OAuth IDs. The researchers also estimated that of the secrets enabled access to sensitive systems or data and their exposure caused real risk.
While the researchers didn’t release the names of specific organizations impacted, they did say that large, prominent enterprises were at risk. This included AWS credentials for a site used by millions of college applicants in the U.S. and AWS secrets for a major government agency in a Western European country.
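As an added illustration (not code from the study, nor Ironsphere's own tooling), the following is a small detector for the three secret kinds the researchers counted, run over a constructed sample repository. The regexes are assumed common formats for these credential types rather than the study's own patterns, and every sample value below is fake.

```python
import re
from typing import Dict, List, Tuple

# Patterns for the three secret kinds the study counted. These are the
# commonly published formats for each credential type (an assumption,
# not taken from the study itself).
PATTERNS = {
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "google_oauth_id": re.compile(
        r"\b[0-9]+-[0-9A-Za-z_]{32}\.apps\.googleusercontent\.com\b"),
    "rsa_private_key": re.compile(r"-----BEGIN RSA PRIVATE KEY-----"),
}

def redact(value: str) -> str:
    """Keep just enough of the match to locate it without reprinting the secret."""
    return value[:8] + "..." if len(value) > 8 else "***"

def scan_text(path: str, text: str) -> List[Tuple[str, int, str, str]]:
    """Return (path, line number, secret kind, redacted preview) per hit."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                findings.append((path, lineno, kind, redact(m.group(0))))
    return findings

def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str, str]]:
    """Scan a mapping of file path -> file content, e.g. a pre-commit hook's staged files."""
    out = []
    for path, text in files.items():
        out.extend(scan_text(path, text))
    return out

# Constructed sample "repository" contents; every value here is fake.
SAMPLE_FILES = {
    "config/settings.py": (
        "DEBUG = False\n"
        "GOOGLE_API_KEY = 'AIzaEXAMPLE_KEY_NOT_REAL_0123456789abcd'\n"
        "OAUTH_CLIENT_ID = '123456789012-abcdefghijklmnopqrstuvwxyz012345"
        ".apps.googleusercontent.com'\n"
    ),
    "deploy/id_rsa": "-----BEGIN RSA PRIVATE KEY-----\nMIIEfakeFAKE\n-----END RSA PRIVATE KEY-----\n",
    "README.md": "Set GOOGLE_API_KEY in your environment; never commit it.\n",
}

if __name__ == "__main__":
    for path, lineno, kind, preview in scan_files(SAMPLE_FILES):
        print(f"{path}:{lineno}: {kind} ({preview})")
```

Wiring `scan_files` into a pre-commit hook that rejects the commit on any finding stops a secret before it reaches a public history, where removing it later does not revoke it.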
As digital transformation drives more development and sharing on GitHub and other developer communities, companies like Microsoft, which owns GitHub and is now accountable for securing it, can significantly improve the security of data, databases, and the networks that connect developers with their applications and data. Privileged Access Management, multi-factor authentication and other increasingly sophisticated controls, delivered through security software built for the cloud, are the means to do so.
To learn more about Ironsphere’s cloud security solutions, download our solution brief.