Researchers informed organization of a flaw that exposed GitHub credentials through the organization’s vulnerability disclosure program.