
Hunting Leaked PyPI Tokens: 62 Live, 125 Packages Exposed

Blog post from GitGuardian

Post Details

Company: GitGuardian
Date Published:
Author: Guillaume Valadon
Word Count: 986
Company Posts That Month: 15
Language: English
Hacker News Points: -
Summary

PyPI is a recurring target of supply chain attacks, usually through the publication of malicious packages, which prompted GitGuardian to look at the problem from another angle: exposed PyPI credentials. GitGuardian's Public Monitoring surfaced a large number of leaked PyPI API tokens, mostly on GitHub and Docker Hub; as the title states, 62 of them were still valid, and together they covered 125 packages belonging to active projects. Decoding the tokens with the Python module pypitoken showed their restriction levels (user-scoped tokens versus tokens scoped to specific projects), which in turn identified the projects and users each token belonged to. A surprising number of valid tokens persisted on GitHub despite GitHub's existing secret scanning and revocation measures, which suggests gaps in that scanning coverage. Responsible disclosure to the PyPI security team led to the invalidation of the tokens and to new tooling that makes future disclosures easier. The conclusion is that leaked PyPI tokens are a concrete supply chain risk, not a theoretical one, and the mitigations are the usual ones: scan for secrets, scope tokens to specific projects so a leak cannot reach every package the owner maintains, and keep credential-bearing files out of version control.
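Added example, not code from the GitGuardian post nor from the pypitoken module, covering the two steps the summary describes: spotting PyPI tokens in leaked text and reading off their restrictions. It decodes the libmacaroons v2 binary format that PyPI tokens carry after the "pypi-" prefix, so the whole triage is offline and the token is never presented to PyPI. Assumptions: the fixed "AgEIcHlwaS5vcmc" and "AgENdGVzdC5weXBpLm9yZ" prefixes follow from the macaroon header bytes for pypi.org and test.pypi.org; only the legacy Warehouse caveat JSON shapes ("permissions": "user" and "permissions": {"projects": [...]}) are interpreted, and any other caveat is reported raw rather than guessed at; the .pypirc-style sample and its two tokens are constructed here with placeholder signatures; build_token, find_tokens, describe_caveat and inspect_token are names chosen for this example.

```python
# Added example: offline triage of PyPI API tokens found in leaked files.  Not code from
# the GitGuardian post or from pypitoken; nothing here contacts PyPI.
import base64
import json
import re

# Every pypi.org token starts with the same prefix because the macaroon header is fixed:
# base64url(b"\x02\x01\x08pypi.org") == "AgEIcHlwaS5vcmc" (v2 byte, location tag, length, host).
PYPI_TOKEN_RE = re.compile(
    r"pypi-(?:AgEIcHlwaS5vcmc|AgENdGVzdC5weXBpLm9yZ)[A-Za-z0-9_-]{50,}"
)

_EOS, _LOCATION, _IDENTIFIER, _VID, _SIGNATURE = 0, 1, 2, 4, 6  # libmacaroons v2 field tags

def _varint(n):
    """Base-128 little-endian varint used for v2 field tags and lengths."""
    out = bytearray()
    while True:
        byte, n = n & 0x7F, n >> 7
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def _read_varint(buf, pos):
    value, shift = 0, 0
    while True:
        byte, pos = buf[pos], pos + 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def _field(tag, payload):
    return _varint(tag) + _varint(len(payload)) + payload

def _read_field(buf, pos):
    """Return (tag, payload, new_pos); an EOS tag has no length and no payload."""
    tag, pos = _read_varint(buf, pos)
    if tag == _EOS:
        return tag, b"", pos
    length, pos = _read_varint(buf, pos)
    return tag, buf[pos:pos + length], pos + length

def build_token(location, key_id, caveats, signature):
    """Serialise a v2 macaroon in the layout pymacaroons emits: header, EOS, one
    identifier+EOS per first-party caveat, EOS, signature.  Only used to build the
    constructed samples below; the signature is a placeholder, not a real HMAC chain."""
    body = b"\x02" + _field(_LOCATION, location) + _field(_IDENTIFIER, key_id) + _varint(_EOS)
    for caveat in caveats:
        body += _field(_IDENTIFIER, caveat) + _varint(_EOS)
    body += _varint(_EOS) + _field(_SIGNATURE, signature)
    return "pypi-" + base64.urlsafe_b64encode(body).decode().rstrip("=")

def find_tokens(text):
    """Secret-scanning step: all PyPI token candidates in a blob of text."""
    return PYPI_TOKEN_RE.findall(text)

def describe_caveat(identifier):
    """Interpret the legacy Warehouse caveat JSON; any other shape is reported raw, not guessed."""
    try:
        caveat = json.loads(identifier)
    except ValueError:
        return "opaque caveat: %r" % identifier
    permissions = caveat.get("permissions") if isinstance(caveat, dict) else None
    if permissions == "user":
        return "user-scoped: can upload to every project the owner maintains"
    if isinstance(permissions, dict) and isinstance(permissions.get("projects"), list):
        return "project-scoped: " + ", ".join(sorted(permissions["projects"]))
    return "unrecognised caveat: " + json.dumps(caveat)

def inspect_token(token):
    """Decode a token without using it: location, key id and its restrictions."""
    if not token.startswith("pypi-"):
        raise ValueError("not a PyPI token")
    data = token[5:]
    raw = base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))
    if not raw or raw[0] != 0x02:
        raise ValueError("unsupported macaroon format")
    pos, header = 1, {}
    while True:  # header fields up to the first EOS
        tag, payload, pos = _read_field(raw, pos)
        if tag == _EOS:
            break
        header[tag] = payload
    caveats = []
    while True:  # each caveat is a run of fields closed by EOS; a bare EOS ends the list
        tag, payload, pos = _read_field(raw, pos)
        if tag == _EOS:
            break
        fields = {tag: payload}
        while tag != _EOS:
            tag, payload, pos = _read_field(raw, pos)
            fields[tag] = payload
        caveats.append(fields[_IDENTIFIER])
    return {
        "location": header.get(_LOCATION, b"").decode(),
        "key_id": header[_IDENTIFIER].decode(errors="replace"),
        "restrictions": [describe_caveat(c) for c in caveats],
    }

# Constructed sample (placeholder signatures): a .pypirc-style file that leaked two tokens.
USER_TOKEN = build_token(b"pypi.org", b"key-0001",
                         [b'{"version": 1, "permissions": "user"}'], b"\x11" * 32)
PROJECT_TOKEN = build_token(b"pypi.org", b"key-0002",
                            [b'{"version": 1, "permissions": {"projects": ["example-pkg"]}}'], b"\x22" * 32)
SAMPLE_PYPIRC = "[pypi]\nusername = __token__\npassword = %s\n\n[staging]\npassword = %s\n" % (
    USER_TOKEN, PROJECT_TOKEN)

if __name__ == "__main__":
    for found in find_tokens(SAMPLE_PYPIRC):
        print(inspect_token(found))
```

Running the block prints one record per token found in the sample: the user-scoped one is the dangerous kind, since it can publish to every project its owner maintains, while the project-scoped one names exactly the package a leak could have compromised. The decode cannot tell you whether a token is still live; that requires presenting it to PyPI, which the post left to coordinated disclosure through the PyPI security team rather than to every finder testing tokens themselves.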

Trends Found in this Post

Trend               Post Mentions   Total Month Mentions   Posts   Companies   MoM
Secrets Management  2               2,063                  322     117         -4%