
Starbucks Devs Leave API Key in GitHub Public Repo (2019) - taspeotis
https://www.bleepingcomputer.com/news/security/starbucks-devs-leave-api-key-in-github-public-repo/
======
Zenst
This seems to be a common trend and if I was GitHub, I'd at least have a daily
cron job to scan recent updates for API keys and send email alert to the
owners at the very least.

Heck, they could do such a service and offer it as part of a premium package
for a few dollars a month - mistakes are an opportunity and they are a
business after all.

~~~
dynamiccast
Not sure how it works behind the scene but one day we received an email from
Github a few minutes after a commit informing us an AWS key was likely
detected in our latest commit. This was a free open source repo and we took
the necessary precaution fast thanks to this warning. This was 3 years ago.

