CISA revealed it had to build a playbook during a live incident after a contractor exposed government credentials on GitHub. The agency has lost a third of staff.
GitHub ghost accounts and exposed PATs scrape corporate orgs through the API, with select cases cloning private repos.