Thousands of Firefox Users Accidentally Commit Login Cookies On GitHub
Marlin then asked whether he could make his findings public and was told he’s free to do so. “I’m frustrated that GitHub isn’t taking its users’ security and privacy seriously,” Marlin told The Register in an email. “The least it could do is prevent results coming up for this GitHub dork. If the individuals who uploaded these cookie databases were made aware of what they’d done, they’d s*** their pants.”
Marlin acknowledges that affected GitHub users deserve some blame for failing to prevent their cookies.sqlite databases from being included when they committed code and pushed it to their public repositories. “But there are nearly 4.5k hits for this dork, so I think GitHub has a duty of care as well,” he said, adding that he’s alerted the UK Information Commissioner’s Office because personal information is at stake. Marlin speculates that the oversight is a consequence of committing code from one’s Linux home directory. “I imagine in most of the cases, the individuals aren’t aware that they’ve uploaded their cookie databases,” he explained. “A common reason users do this is for a common environment across multiple machines.”
Read more of this story at Slashdot.