GitHub repositories

Incidents Harmed By

Incident 11742 Report
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

2025-02-26

Lasso Security reported that Microsoft Copilot could return content from GitHub repositories that had been public briefly but later set to private or deleted. Lasso attributed this to Bing's caching system, which stored "zombie data" from over 20,000 repositories. The cached content allegedly included sensitive information such as access keys, tokens, and internal packages. Microsoft reportedly classified the issue as low severity and applied only partial mitigations.

Related Entities

Microsoft

Incidents involved as both Developer and Deployer

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

GitHub users

Incidents Harmed By

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

GitHub

Incidents Harmed By

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

Incidents implicated systems

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

Microsoft Copilot

Incidents implicated systems

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories

Bing

Incidents implicated systems

Incident 1174
2 Reports
Microsoft Copilot Reportedly Able to Access Cached Data from Since-Private GitHub Repositories