{"id":967,"date":"2024-03-13T08:07:17","date_gmt":"2024-03-13T06:07:17","guid":{"rendered":"https:\/\/techlance.ddns.net\/?p=967"},"modified":"2024-03-13T08:08:09","modified_gmt":"2024-03-13T06:08:09","slug":"yli-12-miljoonaa-todennussalaisuutta-ja-avainta-vuoti-githubiin-vuonna-2023","status":"publish","type":"post","link":"https:\/\/techlance.ddns.net\/en\/yli-12-miljoonaa-todennussalaisuutta-ja-avainta-vuoti-githubiin-vuonna-2023\/","title":{"rendered":"Yli 12 miljoonaa todennussalaisuutta ja avainta vuoti GitHubiin vuonna 2023"},"content":{"rendered":"<p>GitHub-k\u00e4ytt\u00e4j\u00e4t paljastivat vahingossa 12,8 miljoonaa todennus- ja herkk\u00e4\u00e4 salaisuutta yli 3 miljoonassa julkisessa repositoriossa vuoden 2023 aikana, ja valtaosa n\u00e4ist\u00e4 pysyi voimassa viiden p\u00e4iv\u00e4n j\u00e4lkeen.<\/p>\n\n\n\n<p>T\u00e4m\u00e4n on todennut kyberturvallisuusasiantuntijat GitGuardianilta, jotka l\u00e4hettiv\u00e4t 1,8 miljoonaa ilmaista s\u00e4hk\u00f6postih\u00e4lytyst\u00e4 niille, jotka olivat paljastaneet salaisuuksia, n\u00e4hd\u00e4kseen vain pienen 1,8% niist\u00e4, jotka olivat yhteydess\u00e4 otetuista, ryhtyneen nopeasti toimiin virheen korjaamiseksi.<\/p>\n\n\n\n<p>Paljastetut salaisuudet sis\u00e4lt\u00e4v\u00e4t tilien salasanoja, API-avaimia, TLS\/SSL-sertifikaatteja, salausavaimia, pilvipalveluiden k\u00e4ytt\u00e4j\u00e4tietoja, OAuth-tokeneita ja muita herkki\u00e4 tietoja, jotka voisivat antaa ulkopuolisille toimijoille rajoittamattoman p\u00e4\u00e4syn erilaisiin yksityisiin resursseihin ja palveluihin, mik\u00e4 johtaisi tietoturvaloukkauksiin ja taloudellisiin vahinkoihin.<\/p>\n\n\n\n<p>GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is according to cybersecurity experts at GitGuardian, who sent out 1.8 million complimentary email alerts to those who exposed secrets, seeing only a tiny 1.8% of those contacted taking quick action to correct the error. The exposed secrets include account passwords, API keys, TLS\/SSL certificates, encryption keys, cloud service credentials, OAuth tokens, and other sensitive data that could give external actors unlimited access to various private resources and services, leading to data breaches and financial damage<\/p>\n\n\n\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023\/<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>GitHub-k\u00e4ytt\u00e4j\u00e4t paljastivat vahingossa 12,8 miljoonaa todennus- ja herkk\u00e4\u00e4 salaisuutta yli 3 miljoonassa julkisessa repositoriossa vuoden 2023 aikana, ja valtaosa n\u00e4ist\u00e4 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[9],"tags":[15],"class_list":["post-967","post","type-post","status-publish","format-standard","hentry","category-security","tag-tietoturva"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/967","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/comments?post=967"}],"version-history":[{"count":0,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/posts\/967\/revisions"}],"wp:attachment":[{"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/media?parent=967"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/categories?post=967"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techlance.ddns.net\/en\/wp-json\/wp\/v2\/tags?post=967"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}