Anyone can Access Deleted and Private Repository Data on GitHub

A heads-up from @jasonukDev

You can access data from deleted forks, deleted repositories and even private repositories on GitHub. And it is available forever. This is known by GitHub, and intentionally designed that way.


The moral of the story here is that if you accidentally commit some kind of confidential info to one of your repos, you need to remove it from the repo and change that info, because even after it has been deleted it can be accessed at some point by a fork of the repo, now and in the future.

If it’s something you can’t change then you’re probably in trouble and need to work out a way of mitigating it as if it were publicly viewable, i.e. change the way the authentication or secret works, or add additional layers of security to your app or service.

Given that the most common SNAFU people make is to publish private keys or passwords/hashes, it should be straightforward to resolve that by revoking and changing them, if you can - if not, you’re going to have a bad day at work for some time to come :grin:
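
An added example, not part of the thread: a sketch that reads `git log -p --reverse` output and lists every secret-looking line ever committed, including ones a later commit deleted, since those are the values to revoke and change. The sample log, the patterns and the name `secrets_to_rotate` are constructed for illustration, and the scan covers local history only, not what GitHub retains.

```python
import re

# Illustrative patterns for the secrets the post names; not an exhaustive rule set.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "password": re.compile(r"(?i)(?:password|passwd|secret|api_key)\w*\s*[=:]\s*\S+"),
}

# Constructed sample of `git log -p --reverse` output (oldest commit first).
SAMPLE_LOG = """\
commit 1111111111111111111111111111111111111111
    add config
diff --git a/config.env b/config.env
--- /dev/null
+++ b/config.env
@@ -0,0 +1,2 @@
+DB_HOST=db.example.internal
+DB_PASSWORD=constructed-example-value
commit 2222222222222222222222222222222222222222
    remove password from config
diff --git a/config.env b/config.env
--- a/config.env
+++ b/config.env
@@ -1,2 +1 @@
 DB_HOST=db.example.internal
-DB_PASSWORD=constructed-example-value
"""

def secrets_to_rotate(log_text):
    """List every secret ever added; 'removed_in' is set if a later commit deleted it."""
    findings = {}  # (path, line text) -> finding; the secret value is never returned
    commit = path = None
    for raw in log_text.splitlines():
        if raw.startswith("commit "):
            commit = raw.split()[1]
        elif raw.startswith("diff --git "):
            path = raw.split(" b/", 1)[-1]
        elif raw[:1] in ("+", "-") and path and not raw.startswith(("+++ ", "--- ")):
            line = raw[1:].strip()
            kind = next((k for k, p in SECRET_PATTERNS.items() if p.search(line)), None)
            if kind is None:
                continue
            key = (path, line)
            if raw[0] == "+":
                findings[key] = {"kind": kind, "path": path,
                                 "added_in": commit, "removed_in": None}
            elif key in findings:
                findings[key]["removed_in"] = commit  # deleted later, still in history
    return list(findings.values())
```

A finding with `removed_in` set is the case the post describes: the line is gone from the current tree but remains in history, so it still needs rotating.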