According to information the by clicking here GeekedIn leaked 8 million accounts of GitHub that existed in a base δεδομένων χωρίς ασφάλεια MongoDB. Η ιστοσελίδα αναφέρει ότι διαθέτει τουλάχιστον το ένα τρίτο της βάσης, και είναι πολύ πιθανό να αποτελεί αντικείμενο διαπραγμάτευσης και κάπου αλλού στο διαδίκτυο.
Security researcher Troy Hunt who runs the service Have I been Pwned? discovered the leaked base and sent it to GitHub.
A rough analysis of the file eventually revealed that:
- It contains 8.200.000 unique email addresses, meaning it accounts for about 8,2 millions of GitHub, Bitbucket users and, possibly, other online services.
- Most of these files contain user names, e-mail addresses, geographic location, professional skills, years of professional experience.
- All of this information is already on the internet and accessible to everyone (GeekedIn has created its own database, and offers paid access to companies interested in developers)
GitHub has stated that it allows third parties to access their users' data as long as they are used for the same purpose as GitHub itself.
"Use of this information for commercial purposes violates our privacy statement and is not permitted," they told Hunt.
So he eventually managed to get in touch with GeekedIn, who recognized his mistake and promised to secure the data.
Hunt provided some of the data in raw form through his service. They include about one million GitHub users.
"This incident is not due to any kind of security vulnerability of GitHub, and is rather related to data on their site that someone recorded and then exposed to another service,"Hunt said.