Home / Security updates / Datadog's Response to GitHub Webhook Secret Exposure
Datadog's Response to GitHub Webhook Secret Exposure
Security updates detail rendered from /security-updates/upd_6b7a6472a543909e.
Overview
| ID | upd_6b7a6472a543909e |
| Collection | Security Updates |
| Provider | SafeBase |
| Company | Datadog |
| URL | - |
| Counts | - |
| Updated | - |
Raw record
| Field | Value |
|---|---|
| id | upd_6b7a6472a543909e |
| providerId | safebase |
| organizationId | org_69291cebe8d5d66e |
| trustCenterId | tc_3aed993e7dda3cf3 |
| title | Datadog's Response to GitHub Webhook Secret Exposure |
| message | GitHub recently disclosed a bug active between September 11, 2025 and January 5, 2026, where webhook secrets were inadvertently included in an `X-Github-Encoded-Secret` HTTP header on webhook deliveries. Webhook deliveries were encrypted in transit via TLS, and the header was only accessible to the receiving endpoint. GitHub fixed the issue on January 26, 2026 and notified affected webhook owners directly. Upon learning of this issue, Datadog immediately launched an investigation and rotated webhook secrets for all internal Datadog-owned webhooks. We have no evidence that any webhook secrets have been misused. **Your Datadog account is not at risk**. Datadog validates webhook requests using a Datadog API key rather than the webhook secret, meaning an exposed secret cannot be used to impersonate GitHub or send forged webhook traffic to your Datadog org. If you use Datadog's GitHub Marketplace App integration, Datadog has already rotated the webhook secret and no action is required on |
| url | - |
| publishedAt | 2026-04-16 |
| source | {
"field": "statuspage/public/compliance-update",
"category": "incidents"
} |
| company | {
"id": "org_69291cebe8d5d66e",
"name": "Datadog",
"domains": [
"trust.datadoghq.com",
"datadoghq.com"
]
} |
| trust_center | {
"id": "tc_3aed993e7dda3cf3",
"name": "Datadog",
"url": "https://trust.datadoghq.com",
"host": "trust.datadoghq.com"
} |
| provider | {
"id": "safebase",
"name": "SafeBase"
} |
| links | {
"self": "/v1/security-updates/upd_6b7a6472a543909e",
"company": "/v1/companies/org_69291cebe8d5d66e",
"trust_center": "/v1/trust-centers/tc_3aed993e7dda3cf3",
"provider": "/v1/providers/safebase"
} |
Get this page with API
Rendered from the bluedoor Trust Centers API. Reproduce it:
GET https://api.bluedoor.sh/trust-centers/v1/security-updates/upd_6b7a6472a543909eJSON