GitHub’s previous search was not great, and when the new version launched it was a massive leap forward, where it’s now part of my daily workflow. Before this I thought good search at this scale might just be an intractable problem. :)
Meh before Microsoft acquisition, you could get an API key for any service you want by just making a search on github, not sure how many people knew about it, it was probably a dirty secret but I used to crawl tons of stuff by just rotating API keys found from github, none of that is possible anymore.
On the plus side I don't count how many reports I've done to companies who did leak not only their username/password but also all the cool proxy you could use to go inside their network. The weirdest one of them was a guy working in security at thales which is supposed to handle security sensitive stuff for governments leaking all that information as he was working on a side project involving poker during business hours ...
This is definitely still possible. Saw a guy a year or two ago in a web scraping Discord who does this for fun and found all sorts of API keys. I think he found a 2captcha API key for an account with a 5 grand balance by spamming the search API endpoints. I hope he didn’t actually use any of that….
Pretty sure some people also made a fortune in crypto exchange API keys because I’ve seen threads where people advertise services to “cash out” Binance API keys for 5 cents in the dollar. I assume they use the balance in the account to inflate the price of some random coin that the attacker bought just before the attack. Yeah, that’s what this world is coming to.
Yes! My colleague who created it has started working on an open source version so we can publish it. I am not sure when it will be ready, but I'm excited because it is extremely interesting and has a lot of potential use cases.
