Need Some Emails?
January 1, 2015
I read “Why Deleting Sensitive Information from Github Doesn’t Save You.” The write-up is intended for developers. The information in the article makes it easy to suck up GitHub content and extract several million live email addresses. Here’s an example from the write-up:
GHTorrent advertises itself as an “offline mirror of data”. In a nutshell, it keeps track of a ton of data that flows through Github’s Events API stream, and recursively resolves dependencies to relate, say, a commit object to an event object. Currently, they suggest they have accumulated the data from 2012-2014. This database has incredible potential for researchers, but also allows for hackers to pull previously deleted or changed data en masse. Granted, from what I can tell they don’t store the actual file content (so your accidentally committed password won’t be stored), but that doesn’t mean that there isn’t sensitive data to be had.
Want to know how? Just navigate to the original story.
Stephen E Arnold, January 1, 2015