[untitled]
6 comments
Once exposed, forever exposed.
tl;dr Bing indexed and cached a public repository, then made it available to its AI chat. Later, the repository author switched the repository to private and understood how the internet works. And the story gets only better as the author is the founder of a “cybersecurity” company.
I'm baffled. There isn't even the seed of a story here, just someone not understanding that if you put data out there, the data is [checks notes] out there.
there are also the various fundamental security issues GitHub has where making a repo private (and a few other cases e.g. related to forks) comitts/content _which was never public_ (e.g. pushed after it was made private) are publicly available.
techcrunch has never been good in the journalistic integrity department, it's a tech tabloid.
> Dror said that Lasso reached out to all affected companies who were “severely affected” by the data exposure and advised them to rotate or revoke any compromised keys.
If the "companies affected" have any idea what they are doing all of the exposed tokens and the like would have been rotated a long time ago.