by aeyes 1276 days ago
This is a service running on public repos; anyone can scrape this, which is the problem. GitHub does the scanning and all that is forwarded is the "secret" matching their regex. Tencent then identifies the account owner and informs them about the public secret. That's all.

GitHub is available in China, why shouldn't they protect their Chinese users?

And the SIM card requirements have nothing to do with Tencent. Have you tried getting a SIM in Germany? Impossible without government ID and an address. And there are a lot of services which you can't sign up for without German ID / address. As a foreigner I also can't easily open a bank account in the US.

1 comments

Why do they notify Tencent instead of the repo owner?

Once a co-worker accidentally pushed an AWS key pair to his public dotfiles repo. About 30 seconds later AWS disabled the key and notified the account admin about the possibility of an account breach.

This is my question too… why not just let the owner of the repo know, why notify Tencent at all?

Answered elsewhere: https://news.ycombinator.com/item?id=34067625.

Instead of repeatedly having a question in an HN thread, next time try to read the source article.