GitHub Search shuts down after users' private keys exposed


Summary: [UPDATE] Social coding site's search function closes without explanation after online users pointed out that an upgrade earlier this week revealed private files and encryption keys.


GitHub's search function has stopped working after users pointed out that private files stored there, including their private encryption keys, were publicly accessible.

The source code repository, where developers work on programs together as a team even from different locations, had announced a major upgrade to the site's search engine on its blog on Tuesday.

However, Twitter users started pointing out that embedded private SSH keys and passwords could be easily found through GitHub's new feature. For example, Twitter user @lastfrodo said that he could see files, code-signing certificates, and private keys.

The search function then stopped working on Thursday without explanation. An updated message said: "Search remains unavailable. The cluster is recovering slowly and we continue to monitor its progress. We'll provide further updates as they become available."

However, similar results of private keys for encrypting e-mail and other communications using services such as GNU Privacy Guard (GNUPG) can still be found with a Google search.

Private keys of GitHub users found through Google Search. (Credit: The Hacker News)

A GitHub spokesperson emphasized that the search service being offline is unrelated to the issue of users unintentionally putting their private information on public repositories. "GitHub is currently working on bringing the search cluster back online," she said in a statement to ZDNet.

Just yesterday, Google released code samples for cloud services such as App Engine and BigQuery on GitHub in an attempt to encourage developers to use Google Cloud Platform.

The social coding site was also thought to have suffered a distributed denial-of-service (DDoS) attack on January 15, 2013, but it was found earlier this week that the site had been brought down by an overwhelming number of requests from Chinese users looking to book tickets home for the Lunar New Year.

Topics: Security, Software Development

Ellyne Phneah
