The exposure was discovered by RedHunt Labs, which found an employee’s authentication token in a public GitHub repository. It could be used to access other private repositories containing cloud access keys, design documents, and source code.