Author: Luis Héctor Chávez
Word count: 1038
Language: English
Hacker News points: 1

Summary

On April 2, 2023, Replit identified a vulnerability in its GitHub import feature that potentially exposed the GitHub auth tokens of fewer than 0.01% of its users, which could have allowed unauthorized access to their repositories. The vulnerability was addressed swiftly: all existing tokens were revoked, and the feature was restored only after the system had been secured. Users who met specific conditions, such as having public Repls or Repls running HTTP servers, were notified, though there was no evidence that any token had been misused. Replit advised these users to review their GitHub logs for suspicious activity and to take precautions as needed, including revoking or rotating secrets. Prompt action by Replit's security team, which disabled the feature, revoked tokens, and examined logs, ensured there was no further exposure, and a new GitHub app was established to restore the functionality securely. Replit expressed its commitment to improving its security practices by using static code analysis tools and scanning Repls for misplaced credentials, and acknowledged the responsible disclosure by a young community member who reported the issue.