900+ Certificates Used by Fortune 500, Governments Exposed by Key Leaks

A joint study by Google and GitGuardian reveals that over 2,600 valid TLS certificates, protecting Fortune 500 companies and government agencies, were compromised due to private key leaks on GitHub and DockerHub.

A massive security gap has been brought to light by the research firm GitGuardian in partnership with Google. The study reveals that the private keys used to protect some of the world’s most important websites are being left wide open for anyone to find

These keys, as we know them, are the backbone of TLS certificates, the technology that puts the padlock in your browser and keeps your credit card details or passwords safe. These certificates use a pair of keys: a public one that everyone can see, and a private one that must stay secret, so if a private key leaks, the encryption is basically broken.

Fortune 500 and Governments at Risk

GitGuardian researchers noted ...