

“Oops, I pushed a commit with something sensitive to a public GitHub project” - shakeel_mohamed
https://coderwall.com/p/dcqdva/oops-i-pushed-a-commit-with-something-sensitive-to-a-public-github-project

======
kaolinite
As soon as you push something sensitive to a public GitHub project, you need
to immediately assume that it has been noticed and that someone is on their
way to try and exploit you. There's a _very_ high chance that it's the case,
especially with API keys for services like MailGun, etc, which can be used by
spammers.

Attackers are using the Github firehose to look for credentials. You need to
_immediately_ revoke them.

------
tomjen3
You need to come up with a way to prevent this, rather than blame the person
who did this. Fat fingers happen, make it so that it doesn't matter.

