In his haste, John accidentally uploaded the password.txt file to his public GitHub repository, thinking he had added it to his .gitignore file. The file contained sensitive information, including API keys, database credentials, and even his colleague's login passwords.