
Over 100k GitHub repos have leaked API or cryptographic keys - bookofjoe
https://www.zdnet.com/article/over-100000-github-repos-have-leaked-api-or-cryptographic-keys/
======
andreareina
* Erase creds from your repo's history with the BFG[1]

* GitHub scans public repos for API keys[2]. Why is it alerting the service provider, and not the owner of the repo?

[1] [https://rtyley.github.io/bfg-repo-cleaner/](https://rtyley.github.io/bfg-
repo-cleaner/)

[2] [https://help.github.com/en/articles/about-token-
scanning](https://help.github.com/en/articles/about-token-scanning)

