@koenrh reported that the index on one of our S3 buckets was world-readable. An attacker could have used this to download internal GitHub infrastructure graphs. The information exposed was limited and introduced minimal risk to GitHub. We addressed this issue by updating the configuration for this S3 bucket.

@koenrh earned an additional 500 points for donating their bounty to a great cause — the Tor Project. GitHub matches all bounties donated to 501(c)(3) organizations.