I had 2 accounts compromised last week:

1. AWS account
2. Gmail account

Both keys (account secrets for AWS and user/pw for Gmail) were only used in a single repository hosted on GitHub, private, with only me as a collaborator. Both accounts were accessed within the same week, thus this .env is likely the source of leakage.

For this project, I only work from the same PC. If my PC was compromised, I would expect other accounts to be compromised as well.

The application server (in DigitalOcean), that also reads from this repository, has no signal of intrusion.

I know that it's a bad practice to keep production keys on the repo, but was confident that if I was careful, it would not be easily leaked.

Am I missing something else?

Go to the "insights" tab on your repository, and you should be able to see the number of recent clones. If that number is bigger than zero, it might be that somebody else has fetched it.

But really we can't tell; there's been nothing in the news about a mass compromise, or mass leaking. So it is possible you've had a PC compromise by a slow & stealthy user, or something entirely different.
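
The clone-count check from the reply can be done per day against GitHub's traffic API (`GET /repos/{owner}/{repo}/traffic/clones`, which covers only the last 14 days). That matters here because the application server also reads from the repository, so a non-zero total may be expected. This is an added example, not part of either post; the sample response, the dates and the `KNOWN_CLONE_DAYS` / `EXPECTED_CLONERS` values are constructed assumptions.

```python
import json
from datetime import date

# Constructed sample, shaped like the JSON returned by
# GET /repos/{owner}/{repo}/traffic/clones (e.g. saved from
# `gh api repos/OWNER/REPO/traffic/clones`; OWNER/REPO are placeholders).
SAMPLE_RESPONSE = json.loads("""
{"count": 7, "uniques": 3, "clones": [
  {"timestamp": "2024-05-06T00:00:00Z", "count": 2, "uniques": 1},
  {"timestamp": "2024-05-08T00:00:00Z", "count": 1, "uniques": 1},
  {"timestamp": "2024-05-09T00:00:00Z", "count": 4, "uniques": 2}
]}
""")

# Assumptions for this example: the days on which you know a clone
# happened (deploys, fresh checkouts) and how many distinct machines
# should be cloning on such a day.
KNOWN_CLONE_DAYS = {date(2024, 5, 6), date(2024, 5, 9)}
EXPECTED_CLONERS = 1


def review_clones(traffic, known_days, expected_cloners):
    """Return (day, reason) pairs for clone activity that is not accounted for."""
    findings = []
    for entry in traffic.get("clones", []):
        if entry["count"] == 0:
            continue
        day = date.fromisoformat(entry["timestamp"][:10])
        if day not in known_days:
            findings.append((day.isoformat(), "clone on a day with no known clone"))
        elif entry["uniques"] > expected_cloners:
            findings.append((day.isoformat(), "more unique cloners than expected"))
    return findings


if __name__ == "__main__":
    for day, reason in review_clones(SAMPLE_RESPONSE, KNOWN_CLONE_DAYS, EXPECTED_CLONERS):
        print(f"{day}: {reason}")
```

An empty result only means the 14-day window shows nothing unexplained; it does not rule out an earlier clone or a leak through another path.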