- CyberNews found “severe erroneous contemgrations” at Tencent cloud sites
- Tencent Cloud seemed to filter files for several months
- The leak has been connected, but users must still be cautious.
Tencent Cloud, one of the largest cloud suppliers in Asia, was apparently filtering login credentials and internal source code, putting innumerable clients at risk of data violations, theft, impersonation and more, experts have warned.
Security researchers in Cybernews He found, “severe erroneous configurations that affect two Tencent sites” that presented environmental files containing coded credentials (including the login information that granted access to the Tecent Internal Administration console) and a .GIT directory that stores the entire history of a software project (including sensitive source codes and configuration details.
Cybernews found the filtration at the end of July 2025 while scanning the Internet for poorly configured systems, and after an investigation, he believes that the files were publicly accessible for months, from least since April 2025, warning that they could have been used for all kinds of malicious activities.
Staging and production
“If a malicious actor finds it, these credentials could allow total access to backend infrastructure or internal services within Tencent Cloud,” the researchers said.
Cybernews He believes that the exposed data were used for staging and production environments, which means that both could have been affected. To make things worse, the exposed passwords were also weak and vulnerable to dictionary attacks. Many contained names of companies, years and some symbols, making them relatively large to break some automation.
Cybernews He says he approached Tencent Cloud with his findings, and told him that this was a previously known problem: someone already reported it. The company connected the hole, which the researchers praised, but warned that it could have been too late:
“The prolonged exposure raises alarming questions about how many scraping bots have already accessed this data and if it has already been used for malicious purposes,” they said.
With access to these files and directories, a threat actor could obtain full administrator access to production systems, alter API services, pivot even more in the infrastructure of the internal cloud of Tencent and more.
