Slashdot Mirror


Users With Weak SSH Keys Had Access To GitHub Repositories For Popular Projects

itwbennett writes: Earlier this year, researcher Ben Cox collected the public SSH (Secure Shell) keys of users with access to GitHub-hosted repositories by using one of the platform's features. After an analysis, he found that the corresponding private keys could be easily recovered for many of them. The potentially vulnerable repositories include those of music streaming service Spotify, the Russian Internet company Yandex, the U.K. government and the Django Web application framework. GitHub revoked the keys, but it's not clear if they were ever abused by attackers.


  1. If Only by OverlordQ · Score: 4, Insightful

    > GitHub revoked the keys, but it's not clear if they were ever abused by attackers.

    If only Git allowed a way to see what was changed.

    --
    Your hair look like poop, Bob! - Wanker.