Hacker News
by pm90 2614 days ago
> They've leaked before and they'll keep on leaking. GitHub even made it harder for people to fork private repos to their own public accounts but it still happens

Can you provide some actual instances of this happening? Genuinely curious, as my org is currently migrating from enterprise to cloud.


I've mostly seen this reported in forums and during discussion; if you Google around you'll find some pretty useful hits.

Here's a good one from Reddit: https://www.reddit.com/r/github/comments/9odnvw/someone_fork...

It's also discussed reasonably well in the infosec community. Basically GitHub is a great place to find other people's passwords and API keys.

That's unrelated to GitHub though. It sounds like the person did a git clone and then created a new repo and pushed it. You could do that with a self-hosted git repo as well. To stop that you would have to have your git server block logins from non-company machines and have some serious logging on all company machines to stop anyone moving it off via USB.
baroffoos: That's pretty close to what I'm suggesting, no public repo access. It works.