Lasso Uncovers Sensitive Private GitHub Repositories from Fortune 500 Companies found Exposed in Microsoft Copilot via Bing Cache

February 2025 by Lasso

Lasso announces the discovery of a critical exposure affecting thousands of private GitHub repositories that were revealed due to Microsoft Copilot and Bing’s caching mechanism. The vulnerability has exposed entire confidential archives that contain intellectual property, sensitive corporate data, access keys and tokens from major enterprises such as IBM, Google, Tencent and PayPal as well as Microsoft itself.

Lasso initially discovered the issue when its own private GitHub repository content appeared in Microsoft Copilot and was found indexed and cached by Bing. Upon further investigation, the research team at Lasso identified thousands of additional private repositories that had been similarly exposed. Some of these contained highly sensitive credentials, which, in certain cases, allowed unauthorized access to enterprise environments.

During the research, Lasso detected:

- Over 20,000 extracted GitHub repositories
- More than 100 internal Python and Node.js packages vulnerable to dependency confusion
- Over 300 exposed private tokens, keys, and secrets linked to GitHub, Hugging Face, GCP, OpenAI, and other platforms

This exposure has affected over 16,000 organizations.

Following the research, Lasso notified Microsoft of this issue in November 2024, and in January 2025 Microsoft changed its security policy and restricted public access to Bing’s cache. In addition, Lasso has contacted all parties impacted by this vulnerability.

"Modern organizations must now operate under the assumption that any data leaving their network, even if public only momentarily, can be ingested by LLM engines and search engines, making it permanently accessible," said Ophir Dror, CPO & Co-Founder at Lasso. "Some of this data may not be visible through traditional web searches, yet Copilot and other GenAI tools using indexed data may still retain and expose it."

Lasso’s Security Researcher Bar Lanyado adds, "This creates a new attack vector where a single prompt could unintentionally leak sensitive corporate information. Companies must recognize that it is more critical than ever to protect and sanitize outgoing data streams, controlling every bit of data that exits your perimeter."

