How Fortune 500 Companies Leak Secrets: A 3-Year Longitudinal Study

Tracking public credential exposure across the Fortune 500 over three years.

We tracked publicly visible credential leaks from Fortune 500 companies over a three-year period using TruffleHog's public scanning infrastructure. 73% of companies had at least one verified leaked credential in public repositories during the study period. The most common sources were employee personal GitHub accounts, acquired company repositories, and vendor integrations.