I feel like this gets posted every other month or so. I appreciate the awareness, but it doesn't seem like there's much new discussion or debate to have on the matter: folks continue to be a bit more careless with credentials than they ought to be / don't think about what pushing something to a public site means / etc, it would rock if GitHub was more proactive about messaging affected users, it sucks that it's hard to safeguard against this via technical means.
If anything, I'd love to see somebody do a blog post instead about how they started scraping these results and/or the commit data firehose and messaging users who posted credentials
Ian Paul of PC World wrote that, "As its name suggests, LulzSec claims to be interested in mocking and embarrassing companies by exposing security flaws rather than stealing data for criminal purposes."[16] -- https://en.wikipedia.org/wiki/LulzSec
If anything, I'd love to see somebody do a blog post instead about how they started scraping these results and/or the commit data firehose and messaging users who posted credentials