Anyone can Access Deleted and Private Repository Data on GitHub
Anyone can Access Deleted and Private Repository Data on GitHub
trufflesecurity.com Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.
You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.
You're viewing a single thread.
View all comments
41
comments
After reviewing the documentation, it’s clear as day that GitHub designed repositories to work like this.
Sounds like they wanted to find a problem but it turned out to be a feature.
12 4 ReplyYeah, pretty much everyone agrees that once something goes to git it lasts forever.
The fact they call out that secret keys must be rotated if committed, makes me think they thought just deleting a commit was enough 🤦
12 3 Replya problem that is documented is obviously a feature
1 0 Reply
You've viewed 41 comments.
Scroll to top