
TruffleHog & Slack: GitHub Token Security Nightmare! #shorts

BSides Frankfurt · 0:45 · 729 views · Published 2026-04
About this talk
Never share screenshots with sensitive data! Developers have already been compromised by GitHub tokens found in shared images, leading to private repo access. Learn how to prevent this security breach. #TruffleHog #GitHubSecurity #DevSecOps #ScreenshotVulnerability #AccessToken
Transcript [en]

TruffleHog, if you've never played around with it, I highly recommend it. And so, something else that's great about Slack: the API will let you search for text in screenshots. And so, some developers at Square shared a screenshot. The screenshot had a GitHub access token in it somewhere. And so, boom. Now they've got access to GitHub as a developer. They've stolen this second identity. There was a legacy access token as well in GitHub, which don't expire and have the full privileges of that user. So, now they go in, they clone all the private repos, they keep reading the freaking manual, and they learn more and more about the environment. Oh, by the way, now that 24-hour time, they don't have to worry about that. They've got access.
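Added example, not code from the talk and not TruffleHog's own detector: a small Python scanner of the kind TruffleHog runs over text, applied here to constructed text standing in for what a Slack file search or OCR of a shared screenshot might hand back. The GitHub token shapes it matches are the documented ones (a four-character prefix plus 36 base62 characters, the `github_pat_` fine-grained layout, and the older bare 40-hex tokens the speaker calls legacy); the sample tokens, the context keyword list and the masking are illustrative assumptions.

```python
import re
from dataclasses import dataclass

# Token shapes GitHub documents for its current formats: a 4-char prefix plus
# 36 base62 chars (classic PATs and OAuth/app tokens), and the fine-grained
# PAT layout 'github_pat_' + 22 chars + '_' + 59 chars. Older "legacy" tokens
# were 40 hex characters with no prefix, which is also what a git commit SHA
# looks like, so those need surrounding context to avoid false positives.
PATTERNS = {
    "classic-pat": re.compile(r"\b(?:ghp|gho|ghu|ghs|ghr)_[A-Za-z0-9]{36}\b"),
    "fine-grained-pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
    "legacy-hex": re.compile(r"\b[0-9a-f]{40}\b"),
}

# Words that make a bare 40-hex string plausible as a credential rather than a
# commit hash. Assumed list for this example; tune it for your environment.
LEGACY_CONTEXT = ("token", "authorization", "github", "secret", "bearer")


@dataclass
class Finding:
    kind: str
    line_no: int
    masked: str     # never store or post the full token in a report
    legacy: bool    # the talk's point: legacy tokens do not expire


def mask(token: str) -> str:
    """Keep just enough of the token to recognise it, never the whole value."""
    return f"{token[:7]}...{token[-4:]}"


def scan(text: str) -> list[Finding]:
    """Return token-looking strings in `text`, in order of appearance."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                if kind == "legacy-hex" and not any(
                    word in line.lower() for word in LEGACY_CONTEXT
                ):
                    # Bare 40-hex with no credential context: most likely a git SHA.
                    continue
                findings.append(
                    Finding(kind, line_no, mask(match.group()), kind == "legacy-hex")
                )
    return findings


# Constructed sample, standing in for what a Slack search over file contents
# (or OCR of a shared screenshot) might return. All tokens are made up.
SAMPLE_TEXT = "\n".join([
    'curl -H "Authorization: token ghp_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789" https://api.github.com/user',
    "deploy: commit 4a0c3b2d9e8f7a6b5c4d3e2f1a0b9c8d7e6f5a4b pushed to main",
    "GITHUB_TOKEN=0123456789abcdef0123456789abcdef01234567",
    "github_pat_" + "11AAAAAAA0aaaaaaaaaaaa" + "_" + "Q" * 59,
])


if __name__ == "__main__":
    for f in scan(SAMPLE_TEXT):
        flag = " (legacy: no expiry)" if f.legacy else ""
        print(f"line {f.line_no}: {f.kind} {f.masked}{flag}")
```

This is a detector only. TruffleHog additionally verifies each candidate against the GitHub API, which is what separates a live token from a dead one; either way, a token that has appeared in a screenshot should be rotated rather than argued about. The commit SHA on line 2 is deliberately left unflagged to show why the legacy pattern needs context.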