
From One File to Full Exposure: Vendor’s .git File Leaks Source Code, Secrets, and Over 1 Million PII Records of Automotive Giants

CloudSEK’s SVigil uncovered a misconfigured .git repository at a major roadside assistance and insurance vendor, exposing over 20GB of sensitive data tied to leading automotive brands. The leak included full source code, payment gateway tokens, cloud database credentials, and over 1 million PII records of customers and merchants. This flaw risked large-scale phishing, fraud, identity theft, and severe reputational damage across India’s automotive and insurance ecosystem.

Hansika Saxena
August 14, 2025
Green Alert
Last update posted on August 14, 2025
Author(s)
Suyash Anurag

CloudSEK’s Supply Chain Security platform, SVigil, uncovered a severe misconfiguration in the development infrastructure of a leading roadside assistance and insurance support service provider. This vendor works with major automotive manufacturers, dealerships, and insurance companies across India, managing sensitive customer and merchant data for thousands of vehicle-related service requests each month.

A misconfigured .git repository exposed over 20 GB of confidential data, including vehicle merchant details, customer Personally Identifiable Information (PII), financial records, operational documents, and critical access credentials. The breach also revealed full source code for internal e-portals used to service customers and process transactions.

The Discovery: An Open Digital Door 

CloudSEK's SVigil, our Digital Supply Chain Security platform, continuously scans the public internet for your vendor’s exposed assets and misconfigurations. During a routine scan, SVigil flagged a critical vulnerability on two key subdomains belonging to the vendor: a publicly accessible .git folder.

A .git folder is like a project's master blueprint. It contains the entire source code and its revision history. Exposing this folder is equivalent to leaving the architectural plans, security safe combinations, and master keys to your corporate headquarters on a public sidewalk.

The discovery was immediate and the implications were severe. Exploiting this flaw required no sophisticated hacking. An attacker could use a readily available tool, such as Git Dumper, to retrieve the Git objects and decompress them into individual files. This simple action would clone the complete source code, giving them unprecedented access to the inner workings of the company's merchant e-portals.

Key Findings: A Cascade of Critical Exposures

The exposed .git folder was not just a single leak; it was a gateway to a cascade of critical failures, putting the company, its partners, and its customers in immediate danger.

  1. Complete Source Code and Secrets Compromise - Attackers could gain access to the complete source code of the company's e-portals. Hardcoded directly within this code were critical secrets, including:
     • Email (SMTP) Credentials: Credentials for multiple SMTP service providers were exposed, allowing attackers to send emails as the company, paving the way for hyper-realistic and devastatingly effective phishing attacks.
     • SMS Gateway Secrets: Valid secrets for sending text messages were found, enabling attackers to impersonate the company via SMS, a highly trusted communication channel.
     • Payment Gateway Tokens: Highly sensitive tokens for a major payment gateway were hardcoded. These could be exploited to generate fake transactions, directly impacting the company's finances.
     • Cloud Database Credentials: Credentials for the company's leading cloud service provider’s Relational Database Service were exposed, risking a complete compromise of their cloud database infrastructure.
  2. Massive Personal and Financial Data Exposure - The breach went far beyond technical secrets. It exposed a treasure trove of Personally Identifiable Information (PII) and sensitive financial documents belonging to over 6,700 vehicle merchants and their customers. The exposed data included:
     • Customer PII: Full Names, Addresses, Mobile Numbers, and Vehicle Details.
     • Sensitive Merchant Documents: Over 6,000 scanned cancelled cheques, 6,000 service tax certificates, and 6,000 official registration documents.
     • Official ID Documents: Over 2,000 scanned PAN cards (India's equivalent of a Social Security Number) and dealer photographs.

Business Impact 

The scope and depth of the breach underscore the seriousness of supply chain security for any organization relying on external vendors:

  • Large-scale Phishing and Impersonation - Attackers could exploit leaked email and SMS credentials to impersonate support teams, dispatch fraudulent communications, and launch targeted phishing campaigns directly to customers appearing as authentic service notices.
  • Identity Theft & Financial Frauds - Exposure of payment tokens and billing logs enables attackers to initiate unauthorized financial transactions—such as bogus refunds, fake merchant payouts, or manipulations in vehicle registry activities.
  • Massive Data Breach Consequences - Access to the full source code and database credentials allows for deep exploitation: credential stuffing, theft of sensitive customer data, and creation of tailored attacks on vehicle buyers and merchants.
  • Identity Theft and Document Forgery - Sensitive documents—dealer images, government certificates (including PAN and registration)—create direct opportunities for identity fraud and forgery, risking regulatory trouble and long-term losses.
  • Reputational and Operational Damage - The very organizations that rely on this vendor for secure communications and compliance—dealers, buyers, insurance partners—face severe trust erosion, regulatory penalties, and potential business disruption.

Recommendations

  • Secure Development Artifacts – .git folders, environment files, and config files must never be exposed in production.
  • Rotate & Secure Credentials – Hardcoded keys and tokens are a high-value target for attackers.
  • Monitor Your Vendors – Your security is only as strong as the weakest link in your supply chain.
  • Act Before Attackers Do – Passive detection and real-time monitoring are essential to prevent breaches before they escalate.
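
The first two recommendations can be enforced as a pre-deployment check on your own build output. The following is an added example, not code from CloudSEK or SVigil: it flags development artifacts in a deploy directory and searches both current files and loose Git objects for hardcoded secrets, which shows why a secret deleted from the code still needs rotating. The artifact list, the regex, and the sample files are assumptions constructed for illustration.

```python
import hashlib, re, tempfile, zlib
from pathlib import Path

# Names that should never be present under a served directory (assumed list).
ARTIFACTS = {".git", ".svn", ".env", ".htpasswd"}
# Illustrative pattern for hardcoded secrets: name = "value" with 8+ characters.
SECRET_RE = re.compile(
    rb"(?i)\b(\w*(?:password|passwd|secret|token|api_?key)\w*)"
    rb"\s*[=:]\s*['\"]([^'\"\s]{8,})['\"]")

def audit(webroot):
    """Return sorted (kind, relative_path, detail) findings for a deploy directory."""
    root, findings = Path(webroot), []
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        if path.name in ARTIFACTS:
            findings.append(("artifact", rel.as_posix(), "must not be deployed"))
        if not path.is_file():
            continue
        data = path.read_bytes()
        if ".git" in rel.parts and "objects" in rel.parts:
            # Loose objects are zlib-compressed; packfiles are not parsed here.
            try:
                data = zlib.decompress(data)
            except zlib.error:
                continue
        for match in SECRET_RE.finditer(data):
            findings.append(("secret", rel.as_posix(), match.group(1).decode()))
    return sorted(findings)

def build_sample(root):
    """Constructed sample: a web root deployed by copying the whole working tree."""
    root = Path(root)
    (root / "index.php").write_text("<?php echo 'ok';\n")
    (root / ".env").write_text('SMTP_PASSWORD="constructed-example-pw"\n')
    # Blob from an older commit; the current code no longer contains this line.
    body = b'$db_password = "constructed-old-db-pw";\n'
    obj = b"blob %d\x00" % len(body) + body
    sha = hashlib.sha1(obj).hexdigest()
    obj_dir = root / ".git" / "objects" / sha[:2]
    obj_dir.mkdir(parents=True)
    (obj_dir / sha[2:]).write_bytes(zlib.compress(obj))
    return sha

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in audit(tmp):
            print(*finding, sep="\t")
```

Run it against the build output in CI and fail the pipeline on any finding; every secret it reports from a Git object should be treated as exposed and rotated, not just removed from the code.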

The SVigil Advantage: Proactive Protection that Pays Off

This incident underscores the value of continuous vendor and third-party risk monitoring. SVigil flagged and contained a high-impact vulnerability that could have affected thousands of transactions across multiple brands and industries. 

By discovering the vulnerability before malicious actors did, SVigil prevented real-time data manipulation, refund fraud, and broader system abuse.

In the world of digital trust, prevention isn’t just better — it’s priceless.

About CloudSEK
CloudSEK is a unified digital risk management platform that leverages AI and machine learning to deliver real-time threat intelligence, attack surface monitoring, and supply chain security across enterprises globally.

Author

Hansika Saxena

Hansika joined CloudSEK's Editorial team as a Technical Writer and is a B.Sc (Hons) student at the University of Delhi. She was previously associated with Youth India Foundation for a year.
