70 percent of leaked credentials remain active two years on


A new report shows 70 percent of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day.
The study from GitGuardian also reveals a 25 percent increase in leaked secrets year-on-year, with 23.8 million new credentials detected on public GitHub in 2024 alone.
"The explosion of leaked secrets represents one of the most significant yet underestimated threats in cybersecurity," says Eric Fourrier, CEO of GitGuardian. "Unlike sophisticated zero-day exploits, attackers don't need advanced skills to exploit these vulnerabilities -- just one exposed credential can provide unrestricted access to critical systems and sensitive data."
Fourrier points out the 2024 US Treasury Department breach as a warning: "A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems. This wasn't a sophisticated attack -- it was a simple case of an exposed credential that bypassed millions in security investments."
The research also finds that 35 percent of all private repositories scanned contained at least one plaintext secret, challenging the common assumption that private repositories are secure. AWS IAM keys appeared in plain text in 8.17 percent of private repositories -- over five times more frequently than in public ones (1.45 percent). Generic passwords appeared nearly three times more often in private repositories (24.1 percent) compared to public ones (8.94 percent).
Collaboration platforms and container environments, where security controls are typically weaker, create security blind spots too. 2.4 percent of channels within analyzed Slack workspaces contained leaked secrets, while in Jira 6.1 percent of tickets exposed credentials, making it the most vulnerable collaboration tool. In DockerHub, 98 percent of detected secrets were embedded exclusively in image layers, with over 7,000 valid AWS keys currently exposed.
As AI-generated code, automation, and cloud-native development accelerate, the report forecasts that secrets sprawl will only intensify. While GitHub's Push Protection has reduced some leaks, it still leaves significant gaps -- particularly with generic secrets, private repositories, and collaboration tools.
"For CISOs and security leaders, the goal isn't just detection -- it's the remediation of these vulnerabilities before they're exploited," says Fourrier. "This requires a comprehensive approach that includes automated discovery, detection, remediation, and stronger secrets governance across all enterprise platforms."
The full State of Secrets Sprawl 2025 report is available on the GitGuardian site.