{"id":32935,"date":"2020-01-23T16:22:30","date_gmt":"2020-01-23T16:22:30","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30870\/Amazon-Engineer-Leaks-Encryption-Keys-To-Public-GitHub-Repo.html"},"modified":"2020-01-23T16:22:30","modified_gmt":"2020-01-23T16:22:30","slug":"amazon-engineer-leaks-encryption-keys-to-public-github-repo","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/","title":{"rendered":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo"},"content":{"rendered":"<div class=\"img-wrapper sc-1eow4w5-2 gfolHV\" contenteditable=\"false\" data-syndicationrights=\"false\">\n<div class=\"image-hydration-wrapper sc-1eow4w5-3 iJyiXs\">\n<div><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-chomp-id=\"xv44q7lt7df08ujscqsi\" data-format=\"jpg\" data-height=\"2139\" data-default-transform=\"UncroppedWideExtraLarge\" data-width=\"3804\" data-relative=\"false\" data-show-background=\"true\" data-alt=\"Illustration for article titled Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes\" data-poster-src data-anim-src data-cropped=\"false\" class=\"dv4r5q-1 hEuYft\"><\/div>\n<\/div>\n<p>Photo: Getty<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">An Amazon Web Services (AWS) engineer last week inadvertently made public almost a gigabyte\u2019s worth of sensitive data, including their own personal documents as well as passwords and cryptographic keys to various AWS environments.<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">While these kinds of leaks are not unusual or special, what is noteworthy here is how quickly the employee\u2019s credentials were recovered by a third party, who\u2014to the employee\u2019s good fortune, perhaps\u2014immediately warned the company.<\/p>\n<div id=\"swappable-mobile-ad-container\" class=\"js_ad-mobile-dynamic swappable-mobile-ad-container js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">On the morning of January 13, an AWS employee, identified as a DevOps Cloud Engineer on LinkedIn, committed nearly a gigabyte\u2019s worth of data to a personal GitHub repository bearing their own name. Roughly 30 minutes later, Greg Pollock, vice president of product at UpGuard, a California-based security firm, received a notification about a potential leak from a detection engine pointing to the repo.<\/p>\n<aside class=\"inset--story branded-item branded-item--gizmodo sc-1rh3ayr-5 dNqkPX\" data-commerce-source=\"inset\" readability=\"21.816\">\n<div class=\"js_lazy-image sc-1rh3ayr-1 iNvMiS\">\n<div><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-chomp-id=\"eplp1qwopzj2nkouo5rt\" data-format=\"jpg\" data-height=\"3299\" data-default-transform=\"KinjaCenteredLargeAuto\" data-sizes=\"(max-width: 480px) 200px, 260px\" data-width=\"5866\" data-relative=\"false\" data-show-background=\"true\" data-poster-src data-anim-src data-cropped=\"true\" class=\"dv4r5q-1 hEuYft\"><\/div>\n<\/div>\n<div class=\"sc-1rh3ayr-6 gCydvg\" readability=\"7.272\">\n<h6 class=\"sc-1rh3ayr-3 cysjdd\"><a class=\"js_link sc-1out364-0 fwjlmD\" data-ga=\"[[&quot;Permalink page click&quot;,&quot;Permalink page click - inset headline&quot;]]\" href=\"https:\/\/gizmodo.com\/nobody-listened-1840663763\" rel=\"noopener noreferrer\" target=\"_blank\">Nobody Listened<\/a><\/h6>\n<p class=\"sc-1rh3ayr-4 flvRyU\">Despite the privacy concerns, labor strikes, and reports that Amazon is selling literal trash on\u2026<\/p>\n<p><a class=\"js_readmore inset--story__readmore sc-1rh3ayr-0 bfjBGf js_link sc-1out364-0 fwjlmD\" data-ga=\"[[&quot;Permalink page click&quot;,&quot;Permalink page click - inset read more link&quot;]]\" href=\"https:\/\/gizmodo.com\/nobody-listened-1840663763\" rel=\"noopener noreferrer\" target=\"_blank\">Read more<\/a><\/div>\n<\/aside>\n<p class=\"sc-77igqf-0 hJpRRP\">An analyst began working to verify what specifically had triggered the alert. Around two hours later, Pollock was convinced the data had been committed to the repo inadvertently and might pose a threat to the employee, if not AWS itself. \u201cIn reviewing this publicly accessible data, I have come to the conclusion that data stemming from your company, of some level of sensitivity, is present and exposed to the public internet,\u201d he told AWS by email.<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">AWS responded gratefully about four hours later and the repo was suddenly offline.<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"img-wrapper sc-1eow4w5-2 gfolHV\" contenteditable=\"false\" data-syndicationrights=\"false\">\n<div class=\"image-hydration-wrapper sc-1eow4w5-3 iJyiXs\">\n<div><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-chomp-id=\"fzqvfw4nyqtyxymqlbdu\" data-format=\"png\" data-height=\"400\" data-default-transform=\"KinjaUncroppedMedium\" data-width=\"740\" data-relative=\"false\" data-show-background=\"true\" data-alt=\"Illustration for article titled Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes\" data-poster-src data-anim-src data-cropped=\"false\" class=\"dv4r5q-1 hEuYft\"><\/div>\n<\/div>\n<p>Screenshot: UpGuard<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">Since UpGuard\u2019s analysts didn\u2019t test the credentials themselves\u2014which would have been illegal\u2014it\u2019s unclear what precisely they grant access to. An AWS spokesperson told Gizmodo on Wednesday that all of the files were personal in nature, unrelated to the employee\u2019s work. However, at least some of the documents in the cache are labeled \u201cAmazon Confidential.\u201d<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"img-wrapper sc-1eow4w5-2 gfolHV\" contenteditable=\"false\" data-syndicationrights=\"false\">\n<div class=\"image-hydration-wrapper sc-1eow4w5-3 iJyiXs\">\n<div><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-chomp-id=\"nst5eis6b2srlnsd1ngi\" data-format=\"png\" data-height=\"162\" data-default-transform=\"UncroppedWideExtraLarge\" data-width=\"1110\" data-relative=\"false\" data-show-background=\"true\" data-alt=\"Illustration for article titled Amazon Engineer Leaked Private Encryption Keys. Outside Analysts Discovered Them in Minutes\" data-poster-src data-anim-src data-cropped=\"false\" class=\"dv4r5q-1 hEuYft\"><\/div>\n<\/div>\n<p>Screenshot: UpGuard<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">Alongside those documents are AWS and RSA key pairs, some of which are marked \u201cmock\u201d or \u201ctest.\u201d Others, however, are marked \u201cadmin\u201d and \u201ccloud.\u201d Another is labeled \u201crootkey,\u201d suggesting it provides privileged control of a system. Other passwords are connected to mail services. And there are numerous of auth tokens and API keys for a variety of third-party products.<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">AWS did not provide Gizmodo with an on-the-record statement.<\/p>\n<div class=\"img-wrapper sc-1eow4w5-2 gfolHV\" contenteditable=\"false\" data-syndicationrights=\"false\" readability=\"7\">\n<div class=\"image-hydration-wrapper sc-1eow4w5-3 iJyiXs\">\n<div><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" data-chomp-id=\"qiwdkbgpwx5xejwon3wq\" data-format=\"png\" data-height=\"879\" data-default-transform=\"UncroppedWideExtraLarge\" data-width=\"1917\" data-relative=\"false\" data-show-background=\"true\" data-alt=\"Training documents marked \u201cAmazon Confidential\u201d\" data-poster-src data-anim-src data-cropped=\"false\" class=\"dv4r5q-1 hEuYft\"><\/div>\n<\/div>\n<p>Training documents marked \u201cAmazon Confidential\u201dScreenshot: UpGuard<\/p><\/div>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">It is possible that GitHub would have eventually alerted AWS that this data was public. The site itself <span><a class=\"sc-145m8ut-0 gaHZkC js_link sc-1out364-0 fwjlmD\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/github.blog\/2018-10-17-behind-the-scenes-of-github-token-scanning\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/github.blog\/2018-10-17-behind-the-scenes-of-github-token-scanning\/\" target=\"_blank\" rel=\"noopener noreferrer\">automatically scans<\/a><\/span> public repositories for credentials issued by a specific list of companies, just as UpGuard was doing. Had GitHub been the one to detect the AWS credentials, it would have, hypothetically, alerted AWS. AWS would have then taken \u201cappropriate action,\u201d possibly by revoking the keys.<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">But not all of the credentials leaked by the AWS employee are detected by GitHub, which only looks for specific types of tokens issued by certain companies. The speed with which UpGuard\u2019s automated software was able to locate the keys also raises concerns about what other organizations have this capability; surely many of the world\u2019s intelligence agencies are among them.<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">GitHub\u2019s efforts to identify the leaked credentials its users upload\u2014which began in earnest around <span><a class=\"sc-145m8ut-0 gaHZkC js_link sc-1out364-0 fwjlmD\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/github.blog\/2015-02-05-keeping-github-oauth-tokens-safe\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/github.blog\/2015-02-05-keeping-github-oauth-tokens-safe\/\" target=\"_blank\" rel=\"noopener noreferrer\">five years ago<\/a><\/span>\u2014received scrutiny last year after a study at North Carolina State University (NCSU) unearthed <span><a class=\"sc-145m8ut-0 gaHZkC js_link sc-1out364-0 fwjlmD\" data-ga=\"[[&quot;Embedded Url&quot;,&quot;External link&quot;,&quot;https:\/\/www.zdnet.com\/article\/over-100000-github-repos-have-leaked-api-or-cryptographic-keys\/&quot;,{&quot;metric25&quot;:1}]]\" href=\"https:\/\/www.zdnet.com\/article\/over-100000-github-repos-have-leaked-api-or-cryptographic-keys\/\" target=\"_blank\" rel=\"noopener noreferrer\">over 100,000 repositories<\/a><\/span> hosting API tokens and keys. (Notably, the researchers only examined 13 percent of all public repositories, which alone included billions of files.)<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">While Amazon access key IDs and auth tokens were among the data examined by the NCSU researchers, a majority of the leaked credentials were linked to Google services.<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">GitHub did not respond to a request for comment.<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">UpGuard says it chose to make the incident known to demonstrate the importance of early detection and underscore that cloud security is not invulnerable to human error.<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p class=\"sc-77igqf-0 hJpRRP\">\u201cAmazon Web Services is the largest provider of public cloud services, claiming about half of the market share,\u201d Pollock said. \u201cIn 2019, a former Amazon employee allegedly stole over a hundred million credit applications from Capital One, illustrating the scale of potential data loss associated with insider threats at such large and central data processors.\u201d<\/p>\n<p class=\"sc-77igqf-0 hJpRRP\">In this case, Pollock added, there\u2019s no evidence that the engineer acted maliciously or that any customer data was affected. \u201cRather, this case illustrates the value of rapid data leaks detection to prevent small accidents from becoming larger incidents.\u201d<\/p>\n<div id class=\"js_ad-mobile-dynamic js_ad-dynamic ad-mobile-dynamic movable-ad bxm4mm-4 liWXlp\">\n<div class=\"ad-unit ad-mobile bxm4mm-5 eZvXLs\">\n<p>Advertisement<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30870\/Amazon-Engineer-Leaks-Encryption-Keys-To-Public-GitHub-Repo.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":32936,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[8402],"class_list":["post-32935","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackeramazondata-losspassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.9 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-23T16:22:30+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif\" \/>\n\t<meta property=\"og:image:width\" content=\"1\" \/>\n\t<meta property=\"og:image:height\" content=\"1\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/gif\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo\",\"datePublished\":\"2020-01-23T16:22:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/\"},\"wordCount\":747,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif\",\"keywords\":[\"headline,hacker,amazon,data loss,password\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/\",\"name\":\"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif\",\"datePublished\":\"2020-01-23T16:22:30+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/01\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif\",\"width\":1,\"height\":1},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,amazon,data loss,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackeramazondata-losspassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/","og_locale":"en_US","og_type":"article","og_title":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-01-23T16:22:30+00:00","og_image":[{"width":1,"height":1,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif","type":"image\/gif"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo","datePublished":"2020-01-23T16:22:30+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/"},"wordCount":747,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif","keywords":["headline,hacker,amazon,data loss,password"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/","url":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/","name":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif","datePublished":"2020-01-23T16:22:30+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/01\/amazon-engineer-leaks-encryption-keys-to-public-github-repo.gif","width":1,"height":1},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/amazon-engineer-leaks-encryption-keys-to-public-github-repo\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,amazon,data loss,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackeramazondata-losspassword\/"},{"@type":"ListItem","position":3,"name":"Amazon Engineer Leaks Encryption Keys To Public GitHub Repo"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32935","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=32935"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/32935\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/32936"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=32935"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=32935"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=32935"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}