Estafette
Compose Login
You are browsing eu.zone1 in read-only mode. Log in to participate.
rss-bridge 2026-02-27T08:02:51+00:00

12 Million exposed .env files reveal widespread security failures

Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide. Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files […]

---

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

MUST READ

Canadian Tire 2025 data breach impacts 38 million users

Microsoft warns of RAT delivered through trojanized gaming utilities

Aeternum botnet hides commands in Polygon smart contracts

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Juniper issues emergency patch for critical PTX router RCE

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

12 Million exposed .env files reveal widespread security failures

ManoMano data breach impacted 38 Million customer accounts

Trend Micro fixes two critical flaws in Apex One

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Untrusted repositories turn Claude code into an attack vector

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Lazarus APT group deployed Medusa Ransomware against Middle East target

SolarWinds patches four critical Serv-U flaws enabling root access

VMware Aria Operations flaws could enable remote attacks

- Home

- Cyber Crime

- Cyber warfare

- APT

- Data Breach

- Deep Web

- Hacking

- Hacktivism

- Intelligence

- Artificial Intelligence

- Internet of Things

- Laws and regulations

- Malware

- Mobile

- Reports

- Security

- Social Networks

- Terrorism

- ICS-SCADA

- Crypto

- POLICIES

- Contact me

- Home

- Breaking News

- Data Breach

- Hacking

- Security

- 12 Million exposed .env files reveal widespread security failures

12 Million exposed .env files reveal widespread security failures

Pierluigi Paganini
February 27, 2026

Mysterium VPN found 12M IPs exposing .env files, leaking credentials and revealing widespread security misconfigurations worldwide.

Configuration mistakes rarely trigger alarms. A forgotten deny rule, an overlooked server setting, or a full project folder uploaded to production can quietly expose a company’s most sensitive secrets. In many cases, those secrets live inside simple environment files known as .env files.

Researchers at Mysterium VPN identified 12,088,677 IP addresses serving publicly accessible .env-style files.

“Researchers here at Mysterium VPN identified over 12 million IP addresses with publicly accessible .env-style files, revealing credentials and tokens, including JWT signing keys, API keys, database passwords, and service tokens.” reads the report published by Mysterium VPN. “The United States leads the count with nearly 2.8 million exposed IPs, accounting for around 23% of the total IP pool. The issue is global: Japan (1.1M), Germany (777K), India (652K), France (636K), and the UK (583K) also have substantial exposures, showing that this is a global security hygiene problem.”

These files exposed database credentials, API keys, JWT signing secrets, cloud tokens, and other sensitive values. The scale reveals a widespread operational hygiene problem affecting organizations across industries and regions.

Attackers who retrieve these secrets skip the break-in phase entirely. They log in with valid credentials, query databases, forge authentication tokens, abuse APIs, or access cloud storage. OWASP guidance stresses strict secret control, rotation, auditing, and least-privilege scoping because exposed secrets often lead directly to compromise.

The exposure spans the globe. The United States accounts for nearly 2.8 million affected IPs, followed by Japan, Germany, India, France, the UK, Singapore, Ireland, Canada, and Australia. Large cloud and hosting footprints explain part of the distribution, but the pattern points to repeated deployment and configuration mistakes across ecosystems—not a single flawed platform.

The consequences can escalate quickly. Database credentials enable data theft and privilege escalation. API keys invite financial abuse and spam campaigns. Leaked JWT secrets allow attackers to forge tokens and hijack accounts. SMTP credentials open the door to phishing from legitimate domains. Cloud storage keys can expose backups, identity documents, and internal files.

When teams discover an exposed .env file, they must treat the event as a full security incident. Remove public access immediately, purge caches, and rotate every secret in the file. Invalidate tokens, review logs for suspicious access, and implement automated secret scanning in repositories and CI pipelines.

The Mysterium VPN findings highlight a systemic issue: secret exposure continues at massive scale because teams treat configuration as an afterthought. Security teams must embed secret governance into development workflows, deployment pipelines, and infrastructure baselines. Without that shift, a single overlooked file will keep turning routine deployments into full-scale breaches.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, .env files)

---

---

.env files
data breach
data leak

you might also like

Pierluigi Paganini
March 01, 2026

Read more

Pierluigi Paganini
February 28, 2026

Canadian Tire 2025 data breach impacts 38 million users

Read more

up-to-date!

recent articles

Security / March 01, 2026

Canadian Tire 2025 data breach impacts 38 million users

Data Breach / February 28, 2026

Microsoft warns of RAT delivered through trojanized gaming utilities

Malware / February 28, 2026

Aeternum botnet hides commands in Polygon smart contracts

Mobile / February 27, 2026

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Security / February 27, 2026

We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.

Manage consent

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Non-necessary

Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.

SAVE & ACCEPT

---

[Original source](https://securityaffairs.com/188590/hacking/12-million-exposed-env-files-reveal-widespread-security-failures.html)

Reply