Hundreds of SSH Private Keys exposed via GitHub Search

GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. Last week, GitHub announced major upgrades to its site’s search engine. A few users pointed out that there is no shortage of embedded private SSH keys and passwords that can easily be found via the new GitHub feature. With access to SSH private keys, even the source code of private organizations that use this service becomes accessible.
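To check a working tree for this kind of exposure before it is pushed, the following added example (not from the original article) finds PEM-armored private key blocks and reports whether each is passphrase-protected. The function names, file paths and sample contents are constructed assumptions, and the sample carries no real key material.

```python
import base64
import re

MAGIC = b"openssh-key-v1\x00"  # header of the current OpenSSH private key format
# PEM armor of OpenSSH, PKCS#1 (RSA), SEC1 (EC), DSA and PKCS#8 private keys.
PEM_BLOCK = re.compile(
    r"-----BEGIN ((?:OPENSSH |RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----\r?\n"
    r"(.*?)-----END \1-----", re.DOTALL)

def _openssh_cipher(body):
    """Cipher name stored in an openssh-key-v1 blob, or None if it cannot be parsed."""
    try:
        raw = base64.b64decode("".join(body.split()))
    except ValueError:
        return None
    if not raw.startswith(MAGIC):
        return None
    n = int.from_bytes(raw[len(MAGIC):len(MAGIC) + 4], "big")
    name = raw[len(MAGIC) + 4:len(MAGIC) + 4 + n]
    return name.decode("ascii", "replace") if n and len(name) == n else None

def find_private_keys(files):
    """files maps path -> text; returns sorted (path, line, label, protection) tuples."""
    findings = []
    for path, text in files.items():
        for m in PEM_BLOCK.finditer(text):
            label, body = m.group(1), m.group(2)
            protection = "none"  # default: legacy PEM with no encryption header
            if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in body:
                protection = "passphrase"
            elif label == "OPENSSH PRIVATE KEY":
                cipher = _openssh_cipher(body)
                protection = {None: "unknown", "none": "none"}.get(cipher, "passphrase")
            findings.append((path, text.count("\n", 0, m.start()) + 1, label, protection))
    return sorted(findings)

def _fake_openssh(cipher):
    # Constructed blob: real header fields, zero bytes instead of key material.
    b64 = base64.b64encode(MAGIC + len(cipher).to_bytes(4, "big") + cipher + b"\x00" * 8).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n%s\n-----END OPENSSH PRIVATE KEY-----\n" % b64

SAMPLE = {  # constructed working tree, no real keys
    "deploy/id_ed25519": _fake_openssh(b"none"),
    "deploy/id_backup": _fake_openssh(b"aes256-ctr"),
    "config/legacy.pem": "# notes\n-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "README.md": "ssh-ed25519 AAAAEXAMPLE user@example\n",
}

if __name__ == "__main__":
    for finding in find_private_keys(SAMPLE):
        print(*finding)
```

A passphrase-protected key in a repository is still a finding, since the passphrase can be attacked offline; the protection column only helps prioritize which keys to rotate first.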

Takeaway: Organizations rush to release the “next gen” version of their product without proper testing and without realizing the full impact—both good and bad—that it may have on their users.