Credential Leak

A subject causes authentication credentials or secrets, such as usernames, passwords, API tokens, SSH keys, OAuth secrets, or cryptographic materials, to be exposed outside the organization’s intended control boundaries. This may occur through negligent behavior, misuse of tools, or deliberate exfiltration.

Credential and secret leaks often occur via public code repositories, unsecured cloud storage, pastebin-like services, or misconfigured collaboration platforms. Exposure may be inadvertent, such as committing secrets to GitHub, or intentional, as part of infrastructure tampering or external coordination.

Common vectors include:

• Posting .env or YAML configuration files containing plaintext secrets to a personal Git repository.
• Sharing log files with embedded credentials or access tokens in unprotected cloud folders.
• Including secrets in browser-based troubleshooting tools or screenshots.
• Saving credential artifacts to unmanaged devices or syncing secrets via personal backup utilities.
•  

Even if not immediately exploited, leaked credentials and secrets pose a latent threat. They enable unauthorized access, undermine forensic integrity, and often require mass credential rotation.