GitHub’s Dirty Little Secret: How Deleted Files Led to a $64K Bug Bounty Bonanza!
Security researcher Sharon Brizinov pocketed $64,000 by exposing the hilarious truth that deleted files in GitHub repositories aren’t really gone. Git’s commitment to eternal file storage means secrets like API keys can lurk indefinitely, waiting to be rediscovered. Developers, beware: Git has a better memory than your grandma at Christmas.

Hot Take:
Who knew that GitHub could be the land of forgotten secrets? Sharon Brizinov just made $64,000 by playing digital archaeologist, dusting off hidden treasures from deleted files in public repositories. GitHub: where secrets go to retire… or get rediscovered by eagle-eyed researchers!
Key Points:
- Sharon Brizinov earned $64,000 by unearthing secrets in deleted files from public GitHub repositories.
- Deleted files in Git repositories can still be accessed because Git retains a complete history of changes.
- Brizinov built a tool to automate the process of finding and restoring these deleted files to check for secrets.
- His findings included leaked API keys, tokens, and credentials, especially from repositories with over 5,000 stars.
- Developers are advised to rotate compromised secrets and understand Git’s history retention to avoid leaks.
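
As an added example (not Brizinov's tool and not code from the original article), the script below shows how a maintainer can audit a local clone of their own repository for secrets in files that were later deleted. The function name `audit_deleted_files` and the `SECRET_RE` patterns are illustrative assumptions, not a complete ruleset.

```shell
#!/usr/bin/env bash
# Added example: audit a local clone of your own repository for secrets that
# live on in Git history inside files that were later deleted.
# SECRET_RE is an illustrative assumption, not a complete detection ruleset.
SECRET_RE='(AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(api[_-]?key|secret|token|password)[[:space:]]*[:=][[:space:]]*[^[:space:]]{8,})'

# Prints "<deleting-commit> <path>" for each deleted file whose last
# committed version matches SECRET_RE.
audit_deleted_files() {
  local repo=$1 commit='' line
  # --diff-filter=D keeps only commits that deleted files; --name-only lists
  # the deleted paths under each "commit <hash>" header line.
  git -C "$repo" -c core.quotePath=false log --all --diff-filter=D \
      --name-only --format='commit %H' |
  while IFS= read -r line; do
    case $line in
      'commit '*) commit=${line#commit } ;;
      '') ;;
      *)
        # The file's content is still stored in the parent of the commit
        # that deleted it, so read it from there and scan it.
        if git -C "$repo" show "$commit^:$line" 2>/dev/null |
             grep -Eiq -- "$SECRET_RE"; then
          printf '%s %s\n' "$commit" "$line"
        fi
        ;;
    esac
  done
}

# Optional stand-alone use: pass the path of a local clone as the first argument.
if [ -n "${1:-}" ]; then
  audit_deleted_files "$1"
fi
```

Any hit means the secret should be rotated, because deleting the file in a later commit does not remove it from history.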