GitHub Rotates Credentials in Response to Vulnerability


The Microsoft-owned platform received the vulnerability report on December 26, 2023, and took immediate action to address the issue and revoke potentially exposed credentials, which led to disruptions between December 27 and 29.

The security defect, which allowed access to credentials within a production container, had no impact beyond the security researcher who identified and reported it, but the platform’s security protocols call for rotating credentials exposed to third parties.

“After running a full investigation, we assess with high confidence, based on the uniqueness of this issue and analysis of our telemetry and logging, that this vulnerability has not been previously found and exploited,” GitHub says.