Private GitHub repos leak

GitHub has revealed an "Inadvertent Private Repository Disclosure."

"On Thursday, October 20th, a bug in GitHub’s system exposed a small amount of user data via Git pulls and clones," the service said in a Saturday notice.

"In total, 156 private repositories of GitHub.com users were affected (including one of GitHub's). We have notified everyone affected by this private repository disclosure, so if you have not heard from us, your repositories were not impacted and there is no ongoing risk to your information."

The site is at pains to point out the leak came from an error, not an attack.

"This was not an attack, and no one was able to retrieve vulnerable data intentionally," the statement says. "There was no outsider involved in exposing this data; this was a programming error that resulted in a small number of Git requests retrieving data from the wrong repositories."

The link above offers a detailed explanation of what went wrong, plus planned modifications to the Rails application that made the leak possible. ®