GitHub Finds 39M Key, Password Leaks in 2024

GitHub has released statistics on leaks of confidential data in 2024, including encryption keys, DBMS passwords, and API access tokens. Over the year, more than 39 million such leaks were identified. To strengthen defenses against leaks, GitHub introduced new initiatives. Services like “Secret Protection” and “Code Security” are now available as standalone products, and GitHub Team implemented enhanced security testing tools for organizations. Free leak scanning is also offered for organizational projects.

Typically, confidential data is left in code inadvertently. For instance, files in repositories may contain DBMS passwords or access tokens that were added during testing and then not removed from the Git changes. It is also common for such sensitive data to remain in accompanying resource files, such as pre-written files. Removing this data from the source code must be a priority to prevent inadvertent exposure.
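The leak path described above, a test credential left in a Git change, can be caught before the commit by scanning only the lines a diff adds. The following is an added example, not GitHub's scanner or code from the report; the rule set, `scan_diff` and the sample diff (with non-functional values) are constructed for illustration.

```python
import re

# Constructed rule set for illustration; real scanners use many more patterns.
RULES = {
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "hardcoded-credential": re.compile(
        r"\b\w*(?:password|passwd|secret|token|api_key)\s*[:=]\s*['\"]([^'\"]{8,})['\"]", re.I),
}
# Values that reference a variable or are obvious placeholders are not reported.
PLACEHOLDER = re.compile(r"^(?:changeme|example|placeholder|x+|\$\{.*\}|<.*>)$", re.I)
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")

# Constructed sample: a test password and key added in place of an environment lookup.
SAMPLE_DIFF = """\
--- a/config/settings.py
+++ b/config/settings.py
@@ -10,3 +10,5 @@
 DB_HOST = "db.internal.example"
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "t3st-only-Passw0rd"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+API_TOKEN = "${API_TOKEN}"
 DEBUG = False
"""

def scan_diff(diff_text):
    """Return (path, new_line_number, rule) for each added line matching a rule."""
    findings, path = [], None
    old_left = new_left = line_no = 0
    for raw in diff_text.splitlines():
        if old_left <= 0 and new_left <= 0:  # between hunks: only headers matter
            if raw.startswith("+++ "):
                path = re.sub(r"^b/", "", raw[4:].split("\t")[0])
            elif m := HUNK.match(raw):
                # Omitted counts default to 1; the start line is always present.
                old_left, line_no, new_left = (int(g or 1) for g in m.groups())
            continue
        if raw.startswith("+"):  # added line: the only content that is scanned
            for rule, rx in RULES.items():
                m = rx.search(raw[1:])
                if m and not (m.groups() and PLACEHOLDER.match(m.group(1))):
                    findings.append((path, line_no, rule))
            line_no, new_left = line_no + 1, new_left - 1
        elif raw.startswith("-"):  # removed line: not part of the new file
            old_left -= 1
        elif not raw.startswith("\\"):  # context line (skip "\ No newline" markers)
            line_no, old_left, new_left = line_no + 1, old_left - 1, new_left - 1
    return findings
```

Fed the output of `git diff --cached` from a pre-commit hook, a non-empty result can block the commit until the value is moved out of the source file.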

/Reports, release notes, official announcements.