Fraudsters compromised our cloud infrastructure in less than a minute after leaking AWS keys to a public GitHub repository
Accidentally leaking secrets — usernames and passwords, API tokens, or private keys — in a public code repository is a developers and security teams worst nightmare. Fraudsters constantly scan public code repositories for these secrets to gain a foothold in to systems. Code is more connected than ever so often these secrets provide access to private and sensitive data — cloud infrastructures, database servers, payment gateways, and file storage systems to name a few. But what happensafter a secret is leaked? And what is the potential fallout?
Comments 0