Cybercriminals intensify hunt for exposed Git secrets

Posted on by

Hackers have far too much to gain from exposed Git configuration files. “In some cases, if the full .git directory is also exposed, attackers may be able to reconstruct the entire codebase — including commit history, which may contain confidential information, credentials, or sensitive logic,” researchers said.

Last week, cybersecurity researcher Sharon Brizinov reported collecting $64,000 in bug bounty winnings for finding dozens of GitHub repositories still exposing secrets from deleted files owing to Git’s retention of code changes and associated files even after deletion.

The chain of Internet Archive breaches from October 2024 was reportedly carried out using credentials (Gitlab secrets) stolen in the same way. GreyNoise recommended restricting .git directory access from public web servers, blocking access to hidden files and folders in web server configurations, checking logs for repeated requests for .git/config, and rotating any credentials exposed in version control history, to stay ahead of hackers.