GitHub, the online developer platform for collaboration that is also a source code repository, has announced upgrades on its search engine, but exposed passwords in the process.
A few days after the major upgrades to the search engine, some developers who use GitHub have discovered “embedded private SSH keys and passwords that can easily be found via GitHub new feature”.
This comes after GitHub proudly announced: “Finding great code on GitHub just got a whole lot easier.”
Every repository on GitHub is a public folder designed to hold the software code that a developer or developers are working on.
A security analyst explained the search engine bug works such that “if you upload security information (keys/passwords etc) to a public repository, new search feature will allow anyone to find them”.
On Friday GitHub’s Search Feature had since been disabled as the GitHub appeared busy looking for ways to to fix the bug although they did not acknowledge this in a statement on the website which read: “Search remains unavailable. The cluster is recovering slowly and we continue to monitor its progress. We’ll provide further updates as they become available.”
