Code security firm Truffle Security warns that thousands of the domains in the Alexa top 1 million websites list are leaking secrets, including credentials. According to the company, which provides an open source secret-scanning engine, 4,500 of the analyzed websites exposed their .git directory. An analysis of the exposed credentials has revealed that AWS and GitHub keys were the most prevalent type of leaked secrets, accounting for 45% of all credentials. Truffle Security attempted to contact all impacted site owners after identifying and verifying the exposed secrets, but notes that the endeavor was not successful in all cases.

Read more: https://www.bbc.com/news/world-europe-66731927