GitHub is the popular code-sharing platform which is used by thousands of developers. A more secure, premium version of the service is the GitHub Enterprise which was seriously undermined recently when the email IDs of more than 3,000 Enterprise users were accidentally leaked and then posted to Pastebin.
Apparently, the whole issue started when GitHub sent an email to its Enterprise users, asking them to renew their licenses. Even this email in question is dubious because many Enterprise users later expressed that their licenses are nowhere near expiring, so they shouldn’t have been asked to renew them.
As it appears, the GitHub team made a critical mistake when sending out the email. As the team later noted in an official blog post, “Earlier today a routine system email was incorrectly sent to many of our GitHub Enterprise customers. In these errant emails, customer email addresses were included in the To: field, making them visible to anyone who received the message.”
But the matter got exacerbated when one of the recipients of the email decided to have some fun and posted the entire list of email IDs on Pastebin, thus visible to everyone. This triggered a flurry of angry responses from GitHub Enterprise users who demanded that if the platform can’t even keep their email IDs secure, how can they trust it with their code.
The team has apologized for the incident, “We are very sorry about this. We have determined what caused this incident and contacted all affected customers directly.” Let’s see if the assurance is sufficient to placate the disgruntled users.