GitHub Private Key is Leaked

Erfsh

Summary

GitHub published their RSA SSH host private key by "mistake." It was leaked today (24th March) "around 02:30 UTC" in a repository, but they have replaced their SSH private key since approximately 05:00 UTC. They claim nobody could use this to access their infrastructure or user data, but they have updated the key to protect the users from "impersonation" and "eavesdropping" attacks.

From github.blog at https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ you can read:

Quote

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH.

Quote

This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.

My thoughts

I don't think that it had any serious impact on any user, unless it was leaked for more than what they stated. Then the attackers could target a certain user or more for eavesdropping on potentially private repository data exchange. Surely we can't tell for now until someone's private code is leaked somewhere else and it turns out an attacker was capturing and reading their data transfer.

Sources

https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/


Well, this would more likely affect potential state-sponsored stuff.

i.e. State intercepts traffic and saves data that they one day hope to decrypt. Then something like this comes along and now they are able to decrypt it.

Low impact though overall, unless you are a target of state-sponsored attacks.

3735928559 - Beware of the dead beef
