ADVERTISEMENT

Tencent sites leak sensitive credentials, expose backend to hackers

Cybernews researchers have discovered severe misconfigurations affecting two Tencent sites, exposing sensitive credentials and internal source code. The critical flaws could potentially grant full access to internal services and backend infrastructure within Tencent Cloud. Tencent explained after the publication that no data was exposed and that the findings relate to a honeypot deployed as a security test.

Tencent Cloud

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
Aug 27, 2025 Updated: 29 August 2025 3 min read
Key takeaways:
Jurgita Lapienyte Gintaras Radauskas Konstancija Gasaityte Niamh Ancell
Be the first to know and get our latest stories on Google News
Add us as your Preferred Source on Google.
tencent-leak

An open door for hackers

ADVERTISEMENT
  • Gain full administrative access to the production systems
  • Tamper with internal API services
  • Attach malicious payloads to the trusted front-end code
  • Pivot further into Tencent’s internal cloud infrastructure
  • Or simply abuse the trusted Tencent domain for malicious phishing campaigns
tencent-leak1

  • Leak discovered: July 23rd, 2025
  • Initial disclosure: July 24th, 2025
  • Acknowledgement: July 24th, 2025
  • Leak closed: before August 25th, 2025
  • Public disclosure: August 27th, 2025
ADVERTISEMENT