From One File to Full Exposure: Vendor’s .git File Leaks Source Code, Secrets, and Over 1 Million PII Records of Automotive Giants
CloudSEK’s SVigil uncovered a misconfigured .git repository at a major roadside assistance and insurance vendor, exposing over 20GB of sensitive data tied to leading automotive brands. The leak included full source code, payment gateway tokens, cloud database credentials, and over 1 million PII records of customers and merchants. This flaw risked large-scale phishing, fraud, identity theft, and severe reputational damage across India’s automotive and insurance ecosystem.
CloudSEK’s Supply Chain Security platform, SVigil, uncovered a severe misconfiguration in the development infrastructure of a leading roadside assistance and insurance support service provider. This vendor works with major automotive manufacturers, dealerships, and insurance companies across India, managing sensitive customer and merchant data for thousands of vehicle-related service requests each month.
A misconfigured .git repository exposed over 20 GB of confidential data, including vehicle merchant details, customer Personally Identifiable Information (PII), financial records, operational documents, and critical access credentials. The breach also revealed full source code for internal e-portals used to service customers and process transactions.
The Discovery: An Open Digital Door
CloudSEK's SVigil, our Digital Supply Chain Security platform, continuously scans the public internet for your vendors’ exposed assets and misconfigurations. During a routine scan, SVigil flagged a critical vulnerability on two key subdomains belonging to the vendor: a publicly accessible .git folder.
A .git folder is like a project's master blueprint. It contains the entire source code and its revision history. Exposing this folder is equivalent to leaving the architectural plans, security safe combinations, and master keys to your corporate headquarters on a public sidewalk.
The discovery was immediate and the implications were severe. Exploiting this flaw required no sophisticated hacking. An attacker could use a readily available tool, such as Git Dumper, to retrieve the repository's Git objects and decompress them into individual files. This simple action would clone the complete source code, giving the attacker unprecedented access to the inner workings of the company's merchant e-portals.
Key Findings: A Cascade of Critical Exposures
The exposed .git folder was not just a single leak; it was a gateway to a cascade of critical failures, putting the company, its partners, and its customers in immediate danger.
Complete Source Code and Secrets Compromise - Attackers could gain access to the complete source code of the company's e-portals. Hardcoded directly within this code were critical secrets, including:
Email (SMTP) Credentials: Credentials for multiple SMTP service providers were exposed, allowing attackers to send emails as the company, paving the way for hyper-realistic and devastatingly effective phishing attacks.
SMS Gateway Secrets: Valid secrets for sending text messages were found, enabling attackers to impersonate the company via SMS, a highly trusted communication channel.
Payment Gateway Tokens: Highly sensitive tokens for a major payment gateway were hardcoded. These could be exploited to generate fake transactions, directly impacting the company's finances.
Cloud Database Credentials: Credentials for the company's leading cloud service provider’s Relational Database Service were exposed, risking a complete compromise of their cloud database infrastructure.
Massive Personal and Financial Data Exposure - The breach went far beyond technical secrets. It exposed a treasure trove of Personally Identifiable Information (PII) and sensitive financial documents belonging to over 6,700 vehicle merchants and their customers. The exposed data included:
Customer PII: Full Names, Addresses, Mobile Numbers, and Vehicle Details.
Sensitive Merchant Documents: Over 6,000 scanned cancelled cheques, 6,000 service tax certificates, and 6,000 official registration documents.
Official ID Documents: Over 2,000 scanned PAN cards (India's equivalent of a Social Security Number) and dealer photographs.
Business Impact
The scope and depth of the breach underscore the seriousness of supply chain security for any organization relying on external vendors:
Large-scale Phishing and Impersonation - Attackers could exploit leaked email and SMS credentials to impersonate support teams, dispatch fraudulent communications, and launch targeted phishing campaigns that reach customers looking like authentic service notices.
Identity Theft & Financial Frauds - Exposure of payment tokens and billing logs enables attackers to initiate unauthorized financial transactions—such as bogus refunds, fake merchant payouts, or manipulations in vehicle registry activities.
Massive Data Breach Consequences - Access to the full source code and database credentials allows for deep exploitation: credential stuffing, theft of sensitive customer data, and creation of tailored attacks on vehicle buyers and merchants.
Identity Theft and Document Forgery - Sensitive documents—dealer images, government certificates (including PAN and registration)—create direct opportunities for identity fraud and forgery, risking regulatory trouble and long-term losses.
Reputational and Operational Damage - The very organizations that rely on this vendor for secure communications and compliance—dealers, buyers, insurance partners—face severe trust erosion, regulatory penalties, and potential business disruption.
Recommendations
Secure Development Artifacts – .git folders, environment files, and config files must never be exposed in production.
Rotate & Secure Credentials – Hardcoded keys and tokens are a high-value target for attackers.
Monitor Your Vendors – Your security is only as strong as the weakest link in your supply chain.
Act Before Attackers Do – Passive detection and real-time monitoring are essential to prevent breaches before they escalate.
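A pre-deployment audit along the lines of the first two recommendations, as an added example that is not CloudSEK's or the vendor's code: it walks a directory about to be published and reports version-control folders, environment and key files, and lines that look like hardcoded secrets. The name lists, the regex heuristic and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed policy for this example: names that must never be deployed to a web root.
VCS_DIRS = {".git", ".svn", ".hg"}
SENSITIVE_FILE = re.compile(r"^(\.env(\..+)?|.*\.(pem|key|sql|bak))$", re.I)
# Heuristic: a key-like name assigned a quoted literal of 8+ characters.
SECRET = re.compile(
    r"""(?i)\b[\w.-]*(password|passwd|secret|token|api[_-]?key)[\w.-]*\s*[:=]>?\s*['"][^'"\s]{8,}['"]""")

def audit_webroot(root):
    """Return sorted (kind, location) findings for a directory about to be published."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for d in list(dirnames):
            if d in VCS_DIRS:
                findings.append(("vcs-metadata", os.path.relpath(os.path.join(dirpath, d), root)))
                dirnames.remove(d)  # report once, do not descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if SENSITIVE_FILE.match(name):
                findings.append(("sensitive-file", rel))
            try:
                with open(path, encoding="utf-8", errors="ignore") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if SECRET.search(line):
                            findings.append(("hardcoded-secret", f"{rel}:{lineno}"))
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
    return sorted(findings)

def demo():
    """Build a constructed sample web root and audit it."""
    sample = {  # constructed files and values, not taken from the incident
        "index.php": '<?php\n$smtp_password = "Constructed-Example-1";\n',
        ".env": "PAYMENT_TOKEN=constructed_value_123\n",
        os.path.join(".git", "HEAD"): "ref: refs/heads/main\n",
        os.path.join("assets", "app.js"): "console.log('ok');\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, text in sample.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_webroot(root)

if __name__ == "__main__":
    for kind, where in demo():
        print(kind, where)
```

Run as a build or release gate and fail the deployment on any finding; a secret that has already shipped still needs rotating, since removing the file does not revoke it.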
The SVigil Advantage: Proactive Protection that Pays Off
This incident underscores the value of continuous vendor and third-party risk monitoring. SVigil flagged and contained a high-impact vulnerability that could have affected thousands of transactions across multiple brands and industries.
By discovering the vulnerability before malicious actors did, SVigil prevented real-time data manipulation, refund fraud, and broader system abuse.
In the world of digital trust, prevention isn’t just better — it’s priceless.
About CloudSEK
CloudSEK is a unified digital risk management platform that leverages AI and machine learning to deliver real-time threat intelligence, attack surface monitoring, and supply chain security across enterprises globally.
Hansika joined CloudSEK's Editorial team as a Technical Writer and is a B.Sc (Hons) student at the University of Delhi. She was previously associated with Youth India Foundation for a year.
Hansika Saxena