Over 100,000 GitHub repos have leaked API or cryptographic keys Thousands of new API or cryptographic keys leak via GitHub projects every day March 21, 2019 https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/ Paper: "How Bad Can It Git? Characterizing Secret Leakage in Public GitHub Repositories" (PDF - 413 KB): https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_04B-3_Meli_paper.pdf
GitLab now automatically warns against merging API keys into your codebase March 22, 2019 https://thenextweb.com/dd/2019/03/2...-against-merging-api-keys-into-your-codebase/
It takes hackers 1 minute to find and abuse credentials exposed on GitHub We set up a honeypot by publishing AWS credentials October 1, 2020 https://www.comparitech.com/blog/information-security/github-honeypot/
Driftwood debuts: New open source tool hunts for leaked public-private key pairs The tool will help security professionals find compromised TLS keys and sensitive keys tied to GitHub accounts November 12, 2021 https://portswigger.net/daily-swig/...ool-hunts-for-leaked-public-private-key-pairs Truffle Security: Driftwood: Know if Private Keys are Sensitive