If you have a website, and you had it built by a developer, chances are they used GitHub to create it. It is open-source software, used by many. Since most universities teach their students how to use it, it is quite normal that their alumni continue to do so during their professional careers. However, as the owner of the website, you should be aware that secrets can leak through GitHub. That is why you need to scan it for potential weaknesses before going live.
GitHub Repository: Where your Secrets are held
When you build a website, you will most probably need to keep some sensitive information on it. Take the private information of your users as an example. Credit card numbers of paying members are also considered GitHub Secrets. Sometimes, as the GitHub hack of Microsoft a year ago showed, there is even information exchanged over the GitHub repository by colleagues from around the world regarding projects in development, among other things.
If you don't protect this data, it could mean catastrophe on the horizon. Of course, you need to remind your web developer to be careful. But that is not sufficient. The problem is that there is no way for you to verify by yourself that your information is safe. Even if you could read code, chances are you wouldn't be able to identify the problems. But there is a simple way to analyze the situation and make sure that all is right: by performing a GitHub security scan on your website. It can be done on private or public sites. If you decide to skip this step, keep in mind that you are taking on a serious risk.
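One way to run such a scan yourself, as an added example (my own code, not a tool from this page or from GitHub): a small Python script that flags lines matching well-known credential formats and, as a fallback, long random-looking strings that have no recognisable prefix. The pattern table and the sample settings file are constructed for illustration and hold no real credentials.

```python
import math
import re
from pathlib import Path

# A few well-known credential formats plus a generic `api_key = "..."` rule (illustrative, not exhaustive).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*['\"][^'\"\s]{8,}['\"]"),
}
ENTROPY_THRESHOLD = 4.0  # bits per character: random keys score high, ordinary words low

def shannon_entropy(s: str) -> float:
    """Shannon entropy of `s` in bits per character."""
    if not s:
        return 0.0
    return -sum(n / len(s) * math.log2(n / len(s)) for n in (s.count(c) for c in set(s)))

def scan_text(text: str, path: str = "<inline>") -> list:
    """Return (path, line_number, kind) for every line that looks like it holds a secret."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        kinds = [name for name, rx in PATTERNS.items() if rx.search(line)]
        if not kinds:
            # Fallback for keys with no recognisable prefix: long, random-looking tokens
            for tok in re.findall(r"[A-Za-z0-9+/=_\-]{20,}", line):
                if shannon_entropy(tok) > ENTROPY_THRESHOLD:
                    kinds.append("high_entropy_string")
                    break
        findings.extend((path, lineno, k) for k in kinds)
    return findings

def scan_repo(root: str) -> list:
    """Walk a checked-out repository (skipping the .git directory) and scan each file."""
    findings = []
    for p in Path(root).rglob("*"):
        if p.is_file() and ".git" not in p.parts:
            findings.extend(scan_text(p.read_text(errors="ignore"), str(p)))
    return findings

# Constructed sample config, not real credentials
SAMPLE = '''# settings.py
DB_HOST = "localhost"
API_KEY = "sk_live_EXAMPLE0123456789abcdef"
aws_key = AKIAEXAMPLEEXAMPLE01
DEBUG = True
'''
FINDINGS = scan_text(SAMPLE, "settings.py")  # lines 3 (generic_assignment) and 4 (aws_access_key_id)
```

A secret deleted in a later commit is still in the repository history, so run the same check over every revision (for example over the output of `git log -p`) and rotate any key that was ever committed.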
Examples of GitHub Security Breaches in the Past
As you will see below, everyone faces the danger of GitHub security breaches, including some of the largest companies in the world. Whether your company is a multinational or you work mostly locally, the loss of crucial data can destroy a company forever. Therefore, if you haven't already done so, you should run a scan today.
Here are a few recent examples of weaknesses discovered on GitHub repositories, and the problems they have caused.
STARBUCKS
October 2019: An API key was left behind inside the GitHub repository. A bug bounty platform discovered it, and Starbucks had to pay them a large amount of money to solve this situation.
NISSAN NORTH AMERICA
January 2021: There was an improper disclosure of confidential information and source code, as a Git server was left exposed to the public, leaking information on the company's mobile app and other internal tools used by Nissan North America.
MULTIPLE HEALTHCARE PROVIDERS
This situation can really be considered a serious legal issue, since the medical records of over 200,000 patients in the USA were exposed on the net. This is a good example of what usually happens: a developer exposed a login credential on GitHub, and it didn't take long for the information to leak. This was personal information, which falls under the Protected Health Information of Patients regulation.