According to Sakura Samurai, exposed Git credentials and directories allowed them to clone Git repositories and collect a large amount of personally identifiable information of more than 100,000 employees. The exposed subdomain posed a greater privacy risk because it was leaking Git credentials.
Read full article on HackRead