Tencent Cloud sites breached to expose valuable data – here’s what we know

Cybernews found “severe misconfigurations” in Tencent Cloud sites
Tencent Cloud seemed to have been leaking files for several months
The leak has now been plugged, but users should still be cautious

Tencent Cloud, one of Asia’s largest cloud providers, was apparently leaking login credentials and internal source code, putting countless customers at risk of data breaches, theft, impersonation, and more, experts have warned.

Security researchers at Cybernews found, “severe misconfigurations affecting two Tencent sites” which exposed environment files containing hardcoded credentials (including login information that granted access to Tencent’s internal admin console), and a .git directory storing the entire history of a software project (including sensitive source code and configuration details.

Cybernews found the leak in late July 2025 while scanning the internet for misconfigured systems, and following an investigation, believes the files were publicly accessible for months, starting at least from April 2025, warning they could have been used for all sorts of malicious activity.

Staging and production

“If found by a malicious actor, these credentials could allow full access to backend infrastructure or internal services within Tencent Cloud,” the researchers said.

Cybernews believes the exposed data was used for staging and production environments, meaning both might have been impacted. To make matters worse, the exposed passwords were also weak, and vulnerable to dictionary attacks. Many contained company names, years, and a few symbols, making them relatively large to break with a little automation.

Cybernews says it reached out to Tencent Cloud with their findings, and was told this was a previously known issue – someone already reported it. The company plugged the hole, which the researchers lauded, but warned that it might have been too late:

“The prolonged exposure raises alarming questions about how many scraping bots have already accessed this data and whether it has already been used for malicious purposes,” they said.

With access to these files and directories, a threat actor could gain full admin access to production systems, tamper with API services, pivot further into Tencent’s internal cloud infrastructure, and more.