Re: Free account monitoring service for the next year...
"I guess since GitHub (and MS?) are responsible for the disclosure of his information"
He is also responsible. Anybody who posts anything with commercially sensitive data to a remote location without encryption is to say the least somewhat careless. I wouldn't wish that kind of attack on anybody, but, wtf was he doing? You always have to consider the possibility of fat finger leakage.
Having said that, if the guy at my former company (who didn't want separate configuration files because it was "too complicated" and so wanted embedded credentials baked in) is reading this - now do you believe me?