Hacker News | cleverwebb's comments

how do you know that no customer data was affected? did you work with github and scan all uses of your keys? how do you know if a use of your github key was authentic or not? did you check with anthropic/openai/etc to scan usage logs?

It's really hard to trust a "hey we got this guys" statement after a fuckup this big


That's why countries should start to legislate on these matters; there are no incentives to focus on security and properly report such vulnerabilities to customers.


Notice how replies like this never get a response?


I had a visceral (and quite audible) reaction when I got to the environment variable listing.


hey, this is Howon from CodeRabbit. We use a cloud-provider-provided key vault for application secrets, including the GH private key.


what does that mean? Were the leaked keys irrelevant?


This is the third or fourth time you’ve spammed this exact comment in response to people’s perfectly legitimate questions. What is this clown-show bullshit?

