I use git to keep tracks of my home configuration and github as my backup server. Accidentally, today, when I run diff on my home directory with my git configuration backup I found that my .gitconfig option "[sendemail]" has been changed, and …
Oh, wait …
What if someone also do this on github?
So, I go to github and search for "smtppass". I found some repository with
smtppass filled in.
Here is a result that I tried and working,
Update: I have inform github support about this, and here is the reply from one of their staff.
From: "Haleigh (GitHub Staff)" <firstname.lastname@example.org> To: Mhd Sulhan <email@example.com> Message-ID: <firstname.lastname@example.org> In-Reply-To: <email@example.com> References: <firstname.lastname@example.org> Subject: Re: Email password leak in public repository. Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-SG-EID: GILdSeq0y2tr3ZX5/p0O19oxV0pQOx/0hP7Msw8IaX0VG7CuD6h7wAYZ+F9TXKd1to1U7+2zWkwIXdmB57c4/j/pSgA1W5Qs6/bclca5tNQatpKAkC7FNdI48OcuBxWJl/hOyMo9Ux1ljLBQsLw3NJUc5I8Mrf+acqJL3xWJ0Ow= X-Feedback-ID: 1120282:2Wv/oNEpTh6CoJNE/kv0Vebovh40FCRTex+O2CJZzhU=:2Wv/oNEpTh6CoJNE/kv0Vebovh40FCRTex+O2CJZzhU=:SG Hi there, Thanks for the report. We're checking it out. Cheers, Haleigh