Copilot exposes private GitHub pages, some removed by Microsoft


Repositories once set to public and later to private are still accessible through Copilot.

These repositories, belonging to more than 16,000 organizations, were originally posted to GitHub as public, but were later set to private, often after the developers responsible realized they contained authentication credentials allowing unauthorized access or other types of confidential data.

“After realizing that any data on GitHub, even if public for just a moment, can be indexed and potentially exposed by tools like Copilot, we were struck by how easily this information could be accessed,” Lasso researchers Ophir Dror and Bar Lanyado wrote in a post on Thursday.

Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords.
