Researchers uncover 23 million new credentials leaked in public, including passwords, authentication tokens and more.
had been found within criminal forums on both the dark and surface web, I thought that the leaked credentials problem couldn’t really get any worse. Within 10 days, I had been forced to revise that viewpoint as the actual number of unique stolen passwords included in that list increased from 1.
4 billion to 2.9 billion. Oh, andplay, it’s hardly surprising I was concerned. And then, dear reader, I was passed a copy of a new report that revealed a revised and truly concerning number of plaintext credentials leaked publicly. Let me explain why. Rarely has the opening line of a security analysis struck me as strongly as that of the GitGuardian “State of Secrets Sprawl 2025” report. I mean, I wasn’t surprised to read that “long-lived plaintext credentials have been involved in most breaches over the last several years,” but knowing the context, it still hit very hard. After all, this is a message I’ve been trying to get across for years, decades even, and apparently with very little success. The second half of that leading paragraph sums up my concern nicely: “When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or perform rapid lateral movement through systems.” These secrets, these plaintext credentials, should not be leaked. Period. That’s pretty obvious to everyone, isn’t it? So why, then, according to the GitGuardian analysis, were there a staggeringthat had been added to public GitHub repositories in 2024? Sure, it’s not in the billions, but it’s the context that matters here. It’s the kind of credentials, and the fact that this represents an increase of some 25% over the numbers leaked in 2023, that concerns me the most. That, my friends, is genuinely shocking and suggests that lessons are not being learned. Despite GitHub’s efforts to prevent such credential leakage, the sprawl of these plaintext secrets is worsening, not improving. If you are not concerned by this revelation, then, frankly, you need to take a long look at yourself. When you consider that, as Verizon’s 2024 Data Breach Investigations ReportiOS 18—Here’s Why There’s A New Black Dot On Your iPhone“It is an attacker’s favorite way to gain an initial foothold and to move laterally through environments,” GitGuardian warned. I have reached out to GitHub for a statement regarding the leakage of plaintext credentials as detailed by GitGuardian analysts, and will update this article once I have anything further to report.
2FA API Authentication Password Leak Authentication Leak Github Gitguardian Secrets Leaked Plaintext Passwords
United States Latest News, United States Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
2025 Morgan Supersport | PH ReviewNew look, new underpinnings, new mission - is the Supersport truly a new dawn for Morgan?
Read more »
Alabama lawmakers want to add $80 million to new $100 million school choice planAlabama families should find out soon whether they will get CHOOSE education savings accounts.
Read more »
Apple’s Chrome Warning—400 Million iPhone Users Must Now ActCheck your phone now — here's why.
Read more »
Strong Winds Prompt New Warning for New Jersey WildfiresFirefighters continue to fight fires in New Jersey amid worsening weather conditions that could contribute to rapid fire spread.
Read more »
Amgen to expand New Albany facility with $900 million investment, 350 new jobsAmgen expands Ohio site with $900M investment, creating 350 new jobs and boosting total state investment to $1.4B in cutting-edge biomanufacturing.
Read more »
Amgen to expand New Albany facility with $900 million investment, 350 new jobsAmgen expands Ohio site with $900M investment, creating 350 new jobs and boosting total state investment to $1.4B in cutting-edge biomanufacturing.
Read more »