Security Affairs
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files. A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials. Such misconfigurations […]

Git Metadata

A study found nearly 5 million servers exposing Git metadata, with 250,000 leaking deployment credentials via .git/config files.

A new 2026 study by the Mysterium VPN research team reveals that nearly 5 million public web servers are exposing Git repository metadata — with over 250,000 of them exposing .git/config files containing deployment credentials.

Such misconfigurations let attackers reconstruct source code, steal secrets, and gain direct access. The issue persists due to deployment mistakes, hidden folders going live, and servers not blocking them by default, turning small errors into serious breaches.

Some key takeaways:
• 4.96M IPs were found with publicly accessible .git directories.
• 252,733 .git/config files contained active deployment credentials (~5%).
• The United States, Germany, and France topped the list of affected regions.
• Exposed metadata can lead to credential theft, malicious commits, and cloud access.

This is not just a technical oversight — it’s a widespread, internet-scale vulnerability affecting websites and organizations globally.

The study shows exposed Git servers are concentrated in major hosting hubs, led by the US, followed by Europe and APAC regions. Exposed .git folders enable source code theft, credential abuse, supply-chain attacks, internal mapping, and lateral moves into cloud and third-party services, often escalating a simple misconfiguration into a major breach.

Fixing exposed .git folders means blocking public access, keeping Git data out of production, and rotating any leaked credentials. Even a 5% credential exposure rate equals hundreds of thousands of usable secrets. Teams should prevent this with server rules, secrets management, pre-commit checks, monitoring, and rapid response plans.

“The findings highlight a widespread issue caused by deployment practices, inconsistent server configuration, and misplaced assumptions about safety. While the presence of exposed Git metadata alone is dangerous, the inclusion of credentials dramatically increases risk, enabling repository takeover, supply chain attacks, and access to cloud infrastructure.” concludes the report.

“The research underscores that even small percentages of credential exposure become severe at the internet scale and that attackers can automate discovery with ease.”

You can read the full write-up here:
https://www.mysteriumvpn.com/blog/news/git-metadata-leak

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Git Metadata)