Meta Joins GitHub Secret Scanning Program as a Partner
This article was written in collaboration with Luigi Coniglio, the lead engineer on this project.
Meta is pleased to announce that it is partnering with GitHub as part of its Secret Scanning Program to protect people from Facebook access token misuse.
GitHub is used by millions of developers around the world to store and manage their code. By participating in the Secret Scanning Program, Meta works with GitHub to mitigate risks associated with exposed access tokens that are used to identify a user, app, or page. Access tokens contain sensitive information and should be kept confidential at all times in accordance with our platform conditions. A publicly available access token runs the risk of being used to gain unauthorized access to an app and possibly API data.
Whenever new code is added to a public repository, GitHub scans it for Facebook access tokens. When one is detected, GitHub sends this information to Meta. Access tokens with a valid session are automatically invalidated. If an access token is invalidated, the app admin is notified through the developer dashboard.
Our partnership with GitHub is part of our ongoing efforts to protect user data and the security of our platform. You can find more information about our access tokens in our developer documentation.