Threat actors could potentially compromise hundreds of thousands of websites due to a vulnerability within the Git open source development tool, TechRadar
Defense.com noted that 332,000 websites, including 2,500 using the .gov domain, are at risk of potential data loss stemming from the flaw, which could be exploited to discover and download .git folders that contain websites' codebase histories, comments, security keys, previous code changes, sensitive remote paths, and plain-text passwords.
Attackers could also gain access to API keys and database credentials, as well as determine other potentially exploitable bugs, according to researchers.
Security vulnerabilities are prevalent in open source technology as a result of its publicly accessible code and should prompt organizations to apply immediate remediation efforts, said Defense.com CEO Oliver Pinson-Roxburgh.
"Whilst it is true that some folders would have been purposefully left accessible, the vast majority will be unaware of the threat they are facing," Pinson-Roxburgh added.
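For site operators who want to know whether their own `.git` folder has been requested, and whether the server actually handed over content, the following is an added example and not code from Defense.com or TechRadar. It assumes the web server writes access logs in the common/combined format; the log lines and IP addresses are constructed sample data.

```python
import re
from urllib.parse import unquote, urlsplit

# Common/combined log format: ip - - [ts] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.git/config HTTP/1.1" 200 281 "-" "-"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /%2Egit/HEAD HTTP/1.1" 200 23 "-" "-"',
    '198.51.100.4 - - [10/Oct/2023:14:01:02 +0000] "GET /.git/index HTTP/1.1" 403 153 "-" "-"',
    '198.51.100.9 - - [10/Oct/2023:14:02:10 +0000] "GET /.gitignore HTTP/1.1" 200 40 "-" "-"',
    '198.51.100.9 - - [10/Oct/2023:14:02:11 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"',
]

def git_path(target):
    """Return the decoded path if one of its segments is `.git`, else None."""
    # Decode percent-encoding and compare case-insensitively so that
    # /%2Egit/ and /.GIT/ are caught; /.gitignore is a different segment.
    path = unquote(urlsplit(target).path)
    segments = [s.lower() for s in path.split("/")]
    return path if ".git" in segments else None

def classify(lines):
    """Split .git requests into (served, blocked) lists of (ip, path, status)."""
    served, blocked = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, target, status = m.groups()
        path = git_path(target)
        if path is None:
            continue
        # A 2xx status means repository content left the server.
        bucket = served if status.startswith("2") else blocked
        bucket.append((ip, path, int(status)))
    return served, blocked

if __name__ == "__main__":
    served, blocked = classify(SAMPLE)
    for ip, path, status in served:
        print(f"EXPOSED  {ip} {status} {path}")
    for ip, path, status in blocked:
        print(f"blocked  {ip} {status} {path}")
```

Any entry in the served list means the folder is reachable from the web: deny access to `.git` at the web server and rotate every credential that appears anywhere in the repository history.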