Too Long; Didn't Read
Fraudsters constantly scan public code repositories for secrets to gain a foothold into systems. Shhgit finds over 165,000 secrets every single day across public GitHub, GitLab, and Bitbucket repositories. The fallout can be catastrophic in terms of financial loss and reputational damage. We purposely leaked valid Amazon AWS credentials to a public GitHub repository. We chose to leak AWS keys because we know they are highly sought after by fraudsters with all sorts of different motives: espionage, spamming, financial gain or blackmail. But what happens immediately after leaking secrets?