explodingcamera, this gist would be much easier to read if you applied some light formatting to it. Perhaps even as little as adding a '.md' file extension to the gist "filename" would be sufficient to get word wrap.
My comments from the other thread: <a href="https://news.ycombinator.com/item?id=15963787" rel="nofollow">https://news.ycombinator.com/item?id=15963787</a><p>Very interesting. I wonder if any private organisations setup a pseudo/canary repositories, that when pulled triggered an alarm? Or simply contained some monitored API keys or credentials to spot any activity/Insider threats.<p>Might be a neat idea for those businesses that are concerned about their private repos (either cloud hosted or self hosted).<p>May have picked up if anyone was able to exploit this.
Companies don't generally send out notifications like this for bug bounty reports or pentesting engagements - kind of implies that they found it being exploited in the wild.