diff --git a/rust/ql/test/library-tests/sensitivedata/test.rs b/rust/ql/test/library-tests/sensitivedata/test.rs
index 1e1eca6a42b..81ef1b782ea 100644
--- a/rust/ql/test/library-tests/sensitivedata/test.rs
+++ b/rust/ql/test/library-tests/sensitivedata/test.rs
@@ -78,7 +78,7 @@ fn test_passwords(
 sink(encoded_password);
 sink(password_hash);
 sink(passwordFile);
- sink(coauthor); // $ SPURIOUS: sensitive=password
+ sink(coauthor);
 sink(ms.harmless.as_str());
 sink(ms.password_file_path.as_str());
diff --git a/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll b/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll
index 9cc414ef85f..c16478902e4 100644
--- a/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll
+++ b/shared/concepts/codeql/concepts/internal/SensitiveDataHeuristics.qll
@@ -146,12 +146,12 @@ module HeuristicNames {
 *
 * We also filter out common words like `certain` and `concert`, since otherwise these could
 * be matched by the certificate regular expressions. Same for `accountable` (account),
- * `secretarial` (secret), `wildcard` (card).
+ * `secretarial` (secret), `wildcard` (card), `coauthor` (oauth).
 */
 string notSensitiveRegexp() {
 result = "(?is).*([^\\w$.-]|redact|censor|obfuscate|hash|md5|sha|random|((?
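Review bot: The updated expectation at `sink(coauthor);` pins only the bare identifier, so this hunk does not show what the heuristic now reports for a name that combines `coauthor` with a real credential term. `sink(password_hash);` carries no annotation and `hash` is listed in `notSensitiveRegexp`, which suggests a not-sensitive match vetoes the whole name. If the `coauthor` exclusion works the same way (the regex change is not visible here), a value like `coauthor_password` would silently stop being flagged. I would add that case next to this line with the intended result spelled out, e.g. `sink(coauthor_password); // $ sensitive=password`, and an `oauth`-named value that must stay flagged. `test_passwords` starts and ends outside the hunk, so the extra parameters would also need declaring in its signature.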