Researcher says deleted GitHub data can be accessed ‘forever’

Truffle Security has warned that all repository and fork data on GitHub, even data that has been deleted or made private, can be accessed by anyone. Joe Leon, a security researcher at Truffle, stated that this is an intentionally designed feature of the platform. Leon claims that this is a massive attack vector for all organizations using GitHub and has coined the term cross fork object reference (CFOR) to describe the vulnerability.