A security engineer scanned over 5.6 million public GitLab repositories using TruffleHog and uncovered more than 17,000 exposed secrets across nearly 2,800 domains. This highlights the widespread risk of sensitive data leaks on code hosting platforms and the importance of proactive secrets management. #GitLab #SecretsLeakage
Key points
- A security engineer used automated tools to scan public repositories on GitLab Cloud for exposed secrets.
- Over 17,000 secrets, including API keys, tokens, and passwords, were identified across millions of repositories.
- The most leaked secrets were Google Cloud Platform credentials, followed by MongoDB and OpenAI keys.
- The scanning process cost $770 and was completed within 24 hours, revealing a high secret density.
- Many organizations revoked leaked secrets after notification, but some still remain exposed online.
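The summary names the tool (TruffleHog) and the three most common secret types (Google Cloud Platform, MongoDB and OpenAI credentials) but not how such a scan works. The block below is an added example, not code from the page, from TruffleHog or from the engineer who ran the scan: a minimal defender-side scanner of the kind a team would run as a pre-commit or CI check on its own repositories. The regular expressions are simplified approximations of the three credential formats (assumptions, not TruffleHog's detectors), the Shannon-entropy threshold of 3.0 bits is an assumed value to suppress obvious placeholders, and the sample file contents are constructed with fake values.

```python
import math
import re

# Simplified, illustrative patterns for the three secret types the summary
# names. These are assumptions for this example, not TruffleHog's detectors.
PATTERNS = {
    # Google API keys start with "AIza" followed by 35 URL-safe characters.
    "gcp_api_key": re.compile(r"\bAIza[0-9A-Za-z_-]{35}\b"),
    # OpenAI keys start with "sk-"; length is left open-ended here.
    "openai_api_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    # MongoDB connection strings that embed a username:password pair.
    "mongodb_uri_with_creds": re.compile(r"mongodb(?:\+srv)?://[^:\s/]+:[^@\s/]+@[^\s]+"),
}

# Assumed threshold (bits per character) below which a match is treated as a
# placeholder such as "sk-xxxxxxxxxxxxxxxxxxxx" rather than a live credential.
MIN_ENTROPY = 3.0


def shannon_entropy(s: str) -> float:
    """Shannon entropy of a string in bits per character."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(token: str) -> str:
    """Keep only a prefix and suffix so findings can be reported without re-leaking the secret."""
    return token[:6] + "..." + token[-2:] if len(token) > 10 else "***"


def scan_text(text: str, min_entropy: float = MIN_ENTROPY) -> list:
    """Return one finding per pattern match whose entropy clears the threshold."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                token = match.group(0)
                entropy = shannon_entropy(token)
                if entropy >= min_entropy:
                    findings.append({
                        "line": lineno,
                        "type": name,
                        "entropy": round(entropy, 2),
                        "redacted": redact(token),
                    })
    return findings


def count_by_type(findings: list) -> dict:
    """Tally findings per secret type, the way the summary ranks leaked credential kinds."""
    tally = {}
    for finding in findings:
        tally[finding["type"]] = tally.get(finding["type"], 0) + 1
    return tally


# Constructed sample file; every value below is fake.
SAMPLE_FILE = """\
# constructed sample config, all values fake
GOOGLE_API_KEY=AIzaSyD-EXAMPLEfakekey0123456789abcdefg
OPENAI_API_KEY=sk-exampleFAKEkey0123456789ABCDEFGHIJ
MONGO_URL=mongodb+srv://appuser:S3cretPassw0rd@cluster0.example.net/prod
LOG_LEVEL=info
"""

if __name__ == "__main__":
    results = scan_text(SAMPLE_FILE)
    for finding in results:
        print(f"line {finding['line']}: {finding['type']} "
              f"(entropy {finding['entropy']}) {finding['redacted']}")
    print("by type:", count_by_type(results))
```

Run as a pre-commit hook over staged files, a scanner like this fails the commit before a credential reaches a public remote; the redaction step matters because scan output is itself frequently logged or pasted into tickets. Real detectors (TruffleHog among them) go further by verifying matches against the issuing service, which is what separates a live key from a stale one and drives the revocation notifications the summary describes.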