Jump to content

GitHub Private Key is Leaked



GitHub published their RSA SSH host private key by "mistake."  It was leaked today (24th March) "around 02:30 UTC" in a repository, but they have replaced their SSH private key since approximately 05:00 UTC. They claim nobody could use this to access their infrastructure or user data, but the have updated the key to protect the users from "impersonation" and "eavesdropping" attack.


From github.blog at https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ you can read:


At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com. We did this to protect our users from any chance of an adversary impersonating GitHub or eavesdropping on their Git operations over SSH.


This key does not grant access to GitHub’s infrastructure or customer data. This change only impacts Git operations over SSH using RSA. Web traffic to GitHub.com and HTTPS Git operations are not affected.

My thoughts

I don't think that it had any serious impact on any user, unless it was leaked for more than what they stated. Then the attackers could target a certain user or more for eavesdropping on potentially private repository data exchange. Surely we can't tell for now until someones private codes are leaked somewhere else and it turned out an attacker was capturing and reading their data transfer.




Link to comment
Share on other sites

Link to post
Share on other sites

Well this would more likely effect potential state sponsored stuff.


i.e. State intercepts traffic and saves data that they one day hope to decrypt.  Then something like this comes along and now they are able to decrypt it.


Low impact though overall, unless you are a target from state sponsored attacks

3735928559 - Beware of the dead beef

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now