A developer friend of mine sent me this link this morning.

This is how you get hacked

Remember folks, a GitHub repo is only as good as its users.

So what’s the big deal you may be asking. Well, these folks have all exposed their database names and passwords to the world. Some of them may be just for development servers, but it’s still something to work off of. It’s easy enough to find out what some of these websites domains may be, and finding the ip isn’t that hard either.

Safety first kids. Don’t commit your wp-config files to public repos!


Update: Oh god, it gets worse… This is a list of private SSH keys. They are just sitting there in the open for all to steal and use. People think hacking is hard… well it is, but it’s a whole lot easier when you give them the keys to your car.  DON’T put private information on a public repo!