Security news and analysis brought to you by the McCrary Institute

Files deleted from GitHub repos leak valuable secrets

By Ionut Arghire

Security researcher Sharon Brizinov earned $64,000 in bug bounties after finding hundreds of secrets leaking in dozens of public GitHub repositories.

What sets Brizinov’s findings apart is that the leaked secrets were found in files that had already been deleted from the scanned repositories, which also highlights the risk of not taking appropriate action when dealing with such leaks.

The issue his research brings into the spotlight is that developers may not be aware that Git retains copies of all files within a repository, even if they are no longer available in the working directory.
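The retention behaviour described above can be checked on a repository you maintain. The script below is an added example, not code from the article or from Brizinov's research; the function names and the secret-matching regex are assumptions, and the token in the demo repository is constructed.

```shell
#!/bin/sh
# Audit a repository you own for files that were deleted from the working
# tree but are still stored in Git history.

# Print every path that some commit deleted, one per line, de-duplicated.
deleted_paths() {
    git -C "$1" log --all --diff-filter=D --name-only --pretty=format: |
        sed '/^$/d' | sort -u
}

# Print the last committed content of a deleted path, read from the parent
# of the commit that deleted it.
last_content() {
    lc_commit=$(git -C "$1" log --all --diff-filter=D -n 1 --pretty=format:%H -- "$2")
    [ -n "$lc_commit" ] || return 1
    git -C "$1" show "$lc_commit^:$2"
}

# Print the deleted paths whose last content matches a secret-like pattern.
# The default regex is an assumption; tune it to your own credential formats.
audit_deleted() {
    ad_pattern=${2:-'(KEY|TOKEN|SECRET|PASSWORD)[A-Z_]*='}
    deleted_paths "$1" | while IFS= read -r ad_path; do
        if last_content "$1" "$ad_path" 2>/dev/null | grep -Eq "$ad_pattern"; then
            printf '%s\n' "$ad_path"
        fi
    done
}

# Build a throwaway repository in which a file holding a constructed, fake
# token is committed and then deleted. Prints the repository path.
make_demo_repo() {
    repo=$(mktemp -d)
    g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    printf 'API_TOKEN=constructed-not-a-real-token\n' > "$repo/.env"
    printf 'hello\n' > "$repo/README"
    g add .env README && g commit -q -m 'initial commit'
    g rm -q .env && g commit -q -m 'remove .env'
    printf 'meeting notes\n' > "$repo/notes.txt"
    g add notes.txt && g commit -q -m 'add notes'
    g rm -q notes.txt && g commit -q -m 'remove notes'
    printf '%s\n' "$repo"
}

# Usage: sh audit.sh /path/to/your/repo
if [ -n "${1:-}" ]; then audit_deleted "$1"; fi
```

Any credential this audit turns up should be revoked and reissued, because deleting the file in a later commit does not remove it from the repository's history.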

Read more at Security Week