The Personal Information Protection Commission on the 15th recommended that businesses using cloud-based services and software development collaboration tools implement protective measures.
The Personal Information Protection Commission (PIPC) also urged businesses to manage source code so that credentials such as access keys, passwords, and API (application programming interface) keys are not stored or exposed in it, and to use temporary credentials that expire automatically instead of long-term credentials.
It also asked them to restrict the IP addresses and network segments from which credentials can be used, apply multi-factor authentication to key systems such as databases and cloud management consoles, and grant access permissions only in line with the principle of least privilege.
The Personal Information Protection Commission (PIPC) said, "Cases are being identified in which credentials are exposed in source code stored in development collaboration tools such as GitHub," and emphasized, "If credential information is stored in source code, it can be abused to access personal information processing systems."
GitHub is a coding collaboration platform operated by Microsoft (MS).