Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that contains the word Basic word followed by a space and a base64-encoded string username:password. Leaked usernames and password can be used by attackers to attempt to authenticate to existing accounts and steal information they hold.
Step 1: Revoke the exposed secret.
Step 2: Clean the git history.
Go under the settings section of your GitHub project and chose the change visibility button at the bottom.
Step 3: Inspect your application's access logs to ensure the key was not utilized during the compromised period.
Updated about 1 year ago