Nearly two million .git folders containing vital project information are exposed to the public, the Cybernews research team found.
Git is the most popular open-source, distributed version control system (VCS), developed nearly 20 years ago by Finnish-American software engineer Linus Torvalds. It coordinates work among programmers developing source code and allows them to track changes.
A .git folder contains essential information about projects, such as remote repository addresses, commit history logs, and other important metadata. Leaving this data publicly accessible can lead to breaches and system exposure.
For example, other recent research by Cybernews discovered that CarbonTV, a US-based streaming service, left a server with its source code open, risking user safety and the company’s reputation. The source code leaked because access to the .git folder was poorly controlled.
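A way to check your own deployment for this problem, as an added example that is not from the Cybernews research: the script walks a local web document root, reports every stray .git folder, and flags those whose config stores a password in a remote repository address. The function names, the sample tree and the `git.example.invalid` URLs are constructed for illustration, and it assumes the web server serves the directory tree as-is.

```python
import os
import re
import tempfile
from urllib.parse import urlsplit

REMOTE = re.compile(r'^\s*\[remote\s+"([^"]+)"\]')
URL = re.compile(r'^\s*url\s*=\s*(\S+)')

def remotes_in_config(text):
    """Map remote name -> URL from the text of a .git/config file."""
    remotes, current = {}, None
    for line in text.splitlines():
        if line.lstrip().startswith("["):
            # Only [remote "name"] sections carry repository addresses.
            current = m.group(1) if (m := REMOTE.match(line)) else None
        elif current and (u := URL.match(line)):
            remotes[current] = u.group(1)
    return remotes

def audit_webroot(root):
    """Report each .git directory found under a deployed document root."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".git" not in dirnames:
            continue
        dirnames.remove(".git")  # record it, but do not walk its objects
        cfg, text = os.path.join(dirpath, ".git", "config"), ""
        if os.path.isfile(cfg):
            with open(cfg, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
        urls = remotes_in_config(text).values()
        # A password in a remote URL means the exposed config leaks a secret too.
        findings.append({"path": os.path.relpath(dirpath, root),
                         "credential_in_url": any(urlsplit(u).password for u in urls)})
    return sorted(findings, key=lambda f: f["path"])

def build_sample_tree():
    """Constructed sample: a document root containing two stray .git folders."""
    root = tempfile.mkdtemp()
    samples = {
        ".": "https://deploy:EXAMPLE_TOKEN@git.example.invalid/app.git",
        os.path.join("static", "vendor"): "git@git.example.invalid:vendor/lib.git",
    }
    for rel, url in samples.items():
        os.makedirs(os.path.join(root, rel, ".git"))
        with open(os.path.join(root, rel, ".git", "config"), "w") as fh:
            fh.write('[core]\n\tbare = false\n[remote "origin"]\n\turl = %s\n' % url)
    return root

if __name__ == "__main__":
    print(audit_webroot(build_sample_tree()))
```

Any finding means the folder should be removed from the served tree or blocked at the web server; a flagged credential should also be rotated.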