Reply to post:

NHS-backed org reacted to GitHub leak disclosure with legal threats and police call, complains IT pro

Rob Dyke

At no point did I reuse any credentials.

The portal code allowed registration of new accounts (served over HTTP). This has been independently verified.

The financial records were in the repo. There was also a third-party SaaS product that had been configured with public read access. The URLs for the SaaS product were in the repo.

No credential use was necessary.
