From One File to Full Exposure: Vendor’s .git File Leaks Source Code, Secrets, and Over 1 Million PII Records of Automotive Giants
ID: 4fd2d7a7-659a-5a3c-bd4a-9e56ea2a3b11
STIX ID: report--4fd2d7a7-659a-5a3c-bd4a-9e56ea2a3b11
Feed Name: CloudSEK Blog
CloudSEK's SVigil discovered a publicly accessible .git repository at a leading roadside assistance and insurance vendor. It exposed ~20 GB of data, including full source code, hardcoded SMTP, SMS, payment and cloud DB credentials, and PII, financial and identity documents for thousands of merchants and customers. The misconfiguration enabled trivial cloning with tools like Git Dumper and posed high-risk threats such as phishing, unauthorized transactions, identity theft, and large-scale data compromise.
