Researchers from the Sysdig Threat Research Team detected a campaign that targeted exposed Git configuration files to steal over 15,000 cloud account and email service credentials. The threat actors reportedly “leveraged a range of private tools to exploit several misconfigured web services.” The Sysdig researchers note that ”the stolen data was stored in a S3 bucket of a previous victim.” Ref https://www.scworld.com/news/emeraldwhale-steals-15000-credentials-from-exposed-git-configurations