
GitHub finds 39M reasons to upgrade security

GitHub detected 39 million leaked API keys and credentials in 2024. New tools, AI scanning, and policy upgrades are now rolling out to fight back.

by Kerem Gülen
April 3, 2025

GitHub is beefing up its security after finding a staggering 39 million secrets—API keys, credentials, the works—leaking from repositories in 2024. This exposure puts users and organizations at serious risk.

According to GitHub’s report, this massive leak was detected by its secret scanning service, which identifies exposed API keys, passwords, and tokens within repositories.

“Secret leaks remain one of the most common—and preventable—causes of security incidents,” GitHub stated in its announcement, noting, “As we develop code faster than ever previously imaginable, we’re leaking secrets faster than ever, too.”


Despite measures like “Push Protection,” launched in April 2022 and enabled by default on public repositories in February 2024, secrets continue to leak for two reasons: developers prioritize convenience when handling secrets during commits, and repositories are accidentally exposed through git history.

To combat these leaks, GitHub is rolling out several new measures and enhancements:

  • Standalone secret protection and code security: Available as separate products, these tools no longer require a full GitHub Advanced Security license, aiming to be more affordable for smaller teams.
  • Free organization-wide secret risk assessment: Checks all repositories (public, private, internal, and archived) for exposed secrets, available to all GitHub organizations at no cost.
  • Push protection with delegated bypass controls: Enhanced push protection scans for secrets before code is pushed and allows organizations to define who can bypass the protection, thus adding policy-level control.
  • Copilot-powered secret detection: GitHub is leveraging AI via Copilot to detect unstructured secrets like passwords, aiming to improve accuracy and lower false positives.
  • Improved detection via cloud provider partnerships: GitHub is collaborating with providers such as AWS, Google Cloud, and OpenAI to enhance the accuracy of secret detectors and speed up responses to leaks.

“As of today, our security products are available to purchase as standalone products for enterprises, enabling development teams to scale security quickly,” GitHub explained. “Previously, investing in secret scanning and push protection required purchasing a larger suite of security tools, which made it too expensive for many organizations.”


Beyond GitHub’s upgrades, users are urged to take proactive steps to safeguard against secret leaks. Recommendations include enabling Push Protection at the repository, organization, or enterprise level to preemptively block secrets. GitHub also suggests eliminating hardcoded secrets by using environment variables, secret managers, or vaults.

The platform further advises using tools integrated with CI/CD pipelines and cloud platforms for programmatic secret handling, minimizing error-prone human interaction and potential exposure.

Lastly, GitHub encourages users to review the ‘Best Practices’ guide for comprehensive secrets management.
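
Two points from the article, exposure through git history and replacing hardcoded secrets with environment variables, shown as an added example (not GitHub's or the article's code): a short Python scanner over constructed `git log -p` output that reports the commit where each secret entered and whether it is still present at the tip. The regexes, the sample log and the `scan_history` helper are assumptions made for illustration.

```python
import re
# Publicly documented token shapes, for illustration; not GitHub's own detectors.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "github_pat_classic": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
}
FAKE_PAT = "ghp_" + "x" * 36
# Constructed, trimmed `git log -p` output, newest first; FAKE_PAT is not a real token.
SAMPLE_LOG = f"""\
commit 3333333
diff --git a/deploy.py b/deploy.py
--- a/deploy.py
+++ b/deploy.py
@@ -1 +1 @@
-AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+AWS_KEY = os.environ["AWS_ACCESS_KEY_ID"]
commit 2222222
diff --git a/ci.sh b/ci.sh
--- /dev/null
+++ b/ci.sh
@@ -0,0 +1 @@
+export TOKEN={FAKE_PAT}
commit 1111111
diff --git a/deploy.py b/deploy.py
--- /dev/null
+++ b/deploy.py
@@ -0,0 +1 @@
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
"""

def scan_history(log_text):
    """Map each secret seen in any hunk to the commit that added it and its tip status."""
    findings, commit, path, in_hunk = {}, None, None, False
    for line in log_text.splitlines():
        if line.startswith("commit "):
            commit, in_hunk = line.split()[1], False
        elif line.startswith("diff --git "):
            in_hunk = False
        elif line.startswith("+++ ") and not in_hunk:
            path = line[4:].removeprefix("b/")
        elif line.startswith("@@"):
            in_hunk = True
        elif in_hunk and line.startswith(("+", "-")):
            added = line[0] == "+"
            for kind, rx in PATTERNS.items():
                for m in rx.finditer(line[1:]):
                    # The newest event sets tip status: a removal means the tip is clean.
                    f = findings.setdefault((kind, m.group(), path), {"in_tip": added})
                    if added:
                        f["introduced_in"] = commit  # ends at the oldest add
    return findings
```

A finding with `in_tip` false is still recoverable from history, so the credential has to be revoked and rotated, not just deleted from the file.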

