Tencent Cloud sites breached to expose valuable data - here's what we know

• Cybernews found "severe misconfigurations" in Tencent Cloud sites
• Tencent Cloud seemed to have been leaking files for several months
• The leak has now been plugged, but users should still be cautious

Tencent Cloud, one of Asia’s largest cloud providers, was apparently leaking login credentials and internal source code, putting countless customers at risk of data breaches, theft, impersonation, and more, experts have warned.

Security researchers at Cybernews found, “severe misconfigurations affecting two Tencent sites” which exposed environment files containing hardcoded credentials (including login information that granted access to Tencent’s internal admin console), and a .git directory storing the entire history of a software project (including sensitive source code and configuration details.

Cybernews found the leak in late July 2025 while scanning the internet for misconfigured systems, and following an investigation, believes the files were publicly accessible for months, starting at least from April 2025 ...