GitHub expands security tools after 39 million secrets leaked in 2024

GitHub announced updates to its Advanced Security platform after it detected over 39 million leaked secrets in repositories during 2024, including API keys and credentials, exposing users and organizations to serious security risks. In a new report by GitHub, the development company says the 39 million secrets were found through its secret scanning service, a security feature that detects API keys, passwords, tokens, and other secrets in repositories. "Secret leaks remain one of the most common—and preventable—causes of security incidents," reads GitHub's announcement. "As we develop code faster than ever previously imaginable, we're leaking secrets faster than ever, too." This is happening despite GitHub's targeted protection measures like "Push Protection," which was introduced in April 2022 and was activated by default on all public repositories in February 2024. According to GitHub, the main reasons why secrets continue to leak are the prioritization of convenience by develope ... Read full article.