- Cybernews found “severe configuration errors” in Tencent cloud sites
- Tencent Cloud seemed to have fled files for several months
- The leak has now been blocked, but users should always be careful
Tencent Cloud, one of the largest Asian cloud suppliers, apparently disclosed connection identification information and an internal source code, which put countless customers at risk of data violations, theft, identity, and more, have warned experts.
Security researchers at Cyberness Found, “severe errors affecting two tencent sites” which exhibit environmental files containing hard -coded identification information (including connection information that has granted access to the internal administration console of Tencent), and a .git directory storing the complete history of a software project (including sensitive source code and configuration details.
Cybernews found the flight at the end of July 2025 when scanning the internet for poorly configured systems, and after an investigation, believes that the files were accessible to the public for months, from at least from April 2025, warning that they could have been used for all kinds of malicious activities.
Direction and production
“If it is found by a malicious player, this identification information could allow full access to the backend infrastructure or internal services in Tencent Cloud,” said researchers.
Cyberness believes that the data on display was used for staging and production environments, which means that the two could have been affected. To worsen things, the exposed passwords were also weak and vulnerable to the attacks of the dictionary. Many contained names, years and some symbols, which makes them relatively important to break with a little automation.
Cyberness said he contacted Tencent Cloud with their conclusions, and it was said that it was a previously known problem – someone has already reported it. The company connected the hole, which the researchers welcomed, but warned that it could be too late:
“Prolonged exposure raises alarming questions about the number of scratch robots has already accessed this data and if it has already been used for malicious purposes,” they said.
With access to these files and directories, a threat player could access the full administrator of production systems, alter the API services, pivot further in the internal cloud infrastructure of Tencent, etc.
