On Tuesday, the popular code hosting service GitHub updated its search capabilities. By Thursday, developers had discovered that those new search capabilities were turning up private information that was publicly available through GitHub. In many cases, that information included private encryption keys for GitHub projects. Armed with those keys, hackers could potentially access and make changes to the code for various projects.
Security experts are warning GitHub users to make sure they don’t accidentally include their private files when they upload code to GitHub. But some are calling for GitHub to take stronger measures to ensure this sort of thing doesn’t happen. One security researcher tweeted, “When one person pushes their private key to GitHub, it’s an idiot problem. When a hundred people do, it’s not about idiot users anymore.”