With their help, you can log in to sites using other people's logins without a password. -firefox-46d1bb5.jpg” alt=”Thousands of Firefox user cookies found on GitHub” />
Thousands of Firefox browser cookies found on GitHub that can be used to intercept users' Internet sessions. British expert Aidan Marlin was the first to report this, writes Kommersant.
Marlin told GitHub representatives about the leak, but they replied that “credentials provided by users of the service are not within the scope of the vulnerability search program ”.
Anyone can access uploaded cookies because GitHub is an open platform. And that makes the leak critical, not just for Firefox users. You can use such files in other browsers, and this also does not require a password. In addition, attackers could potentially reset all of the victim's credentials, taking full possession of her account.
Aidan Marlin suggests that the data of the developers themselves from GitHub, which they uploaded to the repository by mistake, turned out to be in the public domain. To eliminate the risk of their being used against you, it is important to clear your cookies regularly, do not use the browser's credential saving features, and change logins and passwords more often.