Hacker News
by derefr 1345 days ago
Makes sense; but doesn't help the companies who aren't aware of the secret-scanning service / the ability to become a secret-scanning partner. If you have your own little API SaaS with its own API-key format, then you've probably got API keys exposed in the GitHub dataset; and someone's probably already found and extracted them. (It happened to us!)

Mind you, the GitHub dataset isn't the leak itself; the leak is the public repo that the user pushed their key to. The dataset just makes such searches scalable / cost-effective to third parties who aren't already indexing GitHub for some other reason.