Code security firm Truffle Security warns that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials. According to the company, which provides an open source secret-scanning engine, 4,500 of the analyzed websites exposed their .git directory. An analysis of the exposed credentials has revealed that AWS and GitHub keys were the most prevalent type of leaked secrets, accounting for 45% of all credentials. Truffle Security attempted to contact all impacted site owners after identifying and verifying the exposed secrets, but notes that the endeavor was not successful in all cases.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.