Hackers steal over 15,000 cloud credentials from exposed Git files
Hackers, part of a group called "EmeraldWhale," have stolen over 15,000 cloud account credentials from misconfigured Git files in private repositories. The operation involved scanning for exposed Git configuration files that may contain sensitive authentication tokens. The hackers used automated tools to scan millions of IP addresses for these exposed files. Once they found a file, they verified its tokens and used them to access private repositories, leading to further data theft. The stolen credentials were then used for phishing and spam campaigns. Sysdig reported that the operation targeted both major platforms like GitHub and smaller repositories. Sysdig found one terabyte of stolen data, including active credentials. The campaign highlights the risks of improperly secured Git files and the need for better secret management practices among developers.
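A defensive audit for the exposure described above, as an added example that is not from Sysdig's report or any tool named in it: it walks a directory tree, such as a web server document root, finds `.git/config` files, and flags remote URLs that embed credentials. The function names, the choice of directory and the sample config are assumptions constructed for illustration.

```python
import os
import re
from urllib.parse import urlsplit

SECTION = re.compile(r'^\s*\[([^\]]+)\]')
URL_KEY = re.compile(r'^\s*(?:url|pushurl)\s*=\s*(\S+)', re.IGNORECASE)

def find_git_configs(root):
    """Yield every .git/config below root, e.g. a web server document root."""
    for dirpath, dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == ".git":
            dirnames[:] = []          # no need to walk objects/ and refs/
            if "config" in filenames:
                yield os.path.join(dirpath, "config")

def embedded_credentials(config_text):
    """Return (section, redacted_url) for each remote URL that carries a secret."""
    findings, section = [], None
    for line in config_text.splitlines():
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        match = URL_KEY.match(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        # https://user:token@host/... and https://token@host/... both store a secret
        if parts.scheme in ("http", "https") and (parts.username or parts.password):
            host = parts.netloc.rpartition("@")[2]
            findings.append((section, f"{parts.scheme}://<redacted>@{host}{parts.path}"))
    return findings

def audit(root):
    """Map each .git/config path under root to its credential-bearing remotes."""
    report = {}
    for path in find_git_configs(root):
        with open(path, encoding="utf-8", errors="replace") as handle:
            report[path] = embedded_credentials(handle.read())
    return report

# Constructed sample, not taken from the campaign: one token remote, one SSH remote.
SAMPLE_CONFIG = '''[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-bot:EXAMPLE_TOKEN_NOT_REAL@git.example.com/acme/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "backup"]
\turl = git@git.example.com:acme/app.git
'''
```

Any path that `audit()` returns for a served directory is worth removing or blocking even when its finding list is empty, and any token it flags should be rotated rather than just deleted from the file.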