'How does Stripe know my secret key is leaked?

I recently moved some of my repositories from AWS Code Commit to GitHub. I accidentally made one of the repositories public, instead of private. Within less than 10 mins of committing the code, I got an email from Stripe that my secret key is publicly accessible, and it included the exact file/code line which has the key.

How did this happen?

  1. Does GitHub detects existence of some sensitive info and informs the provider via some WebHook?
  2. Does Stripe keeps crawling new repositories for such leakages? It sounds practically impossible to detect so quickly.

I cannot get my head around what could have triggered this detection at Stripe's end. I was thrilling to see the action though. Of course I have rotated the secret key.

securitystripe-paymentsapi-keyapplication-security


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Secure cookies flag always getting lost in first session after resetting IIS

How to show or hide contents of an aspx page based on current user's roles

protect images on webpage from being copied/saved?

Getting error "403 - Forbidden: Access is denied" on browser when user is NOT administrator

Disable SSLHandshakeException for a single connection

SSL certificate error for IE users only

How to access HttpContext and Request in RequireAssersion?

Send Public key(generated as seckeyref in iPhone) to server(in Java)

The EXECUTE permission is denied on the user-defined table types?

cannot commit or push using egit (guess: issues with secure storage area)

Authorisation in microservices - how to approach domain object or entity level access control using ACL?

Adding nonce value to @Scripts.Render ASP.Net MVC razor pages with NWebSec

SSL Java java.io.IOException: Invalid keystore format

preventing abuse of API service usage

Protecting or Licensing a Django Application