@kyprizel reported that legacy third-party API credentials were hardcoded in the source code distributed with GitHub Enterprise. The disclosed credentials were not found to be used maliciously.

We addressed the behavior by revoking the exposed credentials and removing them from the source code.