+1 to that. Even with private repos a rogue employee could have access to the credentials, and if the payout is big enough it may just be worth it for them.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Key lesson is NOT to hide your repos, but to keep your credentials out of your code.
+1 to that. Even with private repos a rogue employee could have access to the credentials, and if the payout is big enough it may just be worth it for them.