Top Source Code Leaks, 2020-2026

user profile
Sr. Product Marketing Manager

Source code represents a company’s core intellectual property. Exposure can be devastating—comparable to revealing Coca-Cola’s formula or the F-22 Raptor’s architecture. Such breaches trigger trust erosion, revenue loss, and substantial regulatory penalties.

This blog highlights several notable breaches from the past five years. To go deeper, download the full report.

What Is a Source Code Leak?

A source code leak occurs when application or operating system code becomes publicly exposed outside its owning organization. These incidents are particularly dangerous because they reveal design vulnerabilities, expose trade secrets, and may contain hardcoded credentials that grant attackers authentic system access.

The problem is escalating. During January–June 2023, GitHub processed 1,086 takedown notices, resulting in 14,159 project removals. Additionally, 100% of companies now have AI-generated code in their codebase, yet only 19% say they have full visibility into how AI is used across development workflows.

adadad

How Is Source Code Leaked?

Three primary mechanisms enable leaks:

  • Attacks: Exploiting software vulnerabilities, using compromised credentials, social engineering, or malware.
  • Insider threats: Intentional disclosure for personal gain, revenge, or competitive advantage.
  • Human error: Misconfigurations, lost devices, email mistakes, or accidental sharing via platforms like ChatGPT.

The Impact of a Source Code Leak

The CRI Group estimates intellectual property theft costs the U.S. economy between $225 billion and $600 billion annually. The impact of a leak varies with the nature of the code and the organization involved, but organizations commonly face a number of significant consequences:

  • Loss of intellectual property
  • Reputational and brand damage
  • Revenue loss
  • Regulatory compliance fines
  • Exposed secrets
  • Compromised customers
  • Zero-day exploits

The bottom line: it’s essential that organizations keep their code secure.

Top Source Code Leaks

The following are several notable source code leaks from 2020–2026.

GitHub Internal Breach (May 2026)

TeamPCP attacked a GitHub employee through a compromised Visual Studio Code plugin, stealing code from approximately 3,800 internal repositories. This demonstrates the growing threat of developer tools serving as attack entry points.

Shai-Hulud Open Source Compromise (May 2026)

The Shai-Hulud malware framework source code was briefly published on GitHub before removal. Researchers identified it as a fully fledged offensive framework enabling supply chain attacks, credential theft, repository hijacking, and CI/CD exploitation.

Anthropic Claude Code (March 2026)

Anthropic accidentally left Claude Code’s source code accessible in a publicly available npm package, exposing the full TypeScript code behind the terminal-based AI coding agent. While no customer data was compromised, this illustrates IP exposure risks during rapid AI tool releases.

F5 BIG-IP (October 2025)

A state actor stole significant BIG-IP source code before August 2025, leading to the identification of undocumented vulnerabilities including CVE-2025-53521. The breach demonstrates how attackers can discover product weaknesses before defenders.

Red Hat Consulting (October 2025)

Threat actors compromised Red Hat’s GitLab environment, exfiltrating internal source code. This underscores the critical importance of securing developer infrastructure, repositories, CI/CD pipelines, and development tools.

ERMAC V3.0 Banking Trojan (August 2025)

The banking trojan’s full source code exposure revealed significant vulnerabilities, including hardcoded secrets and default credentials, ultimately weakening the malware itself.

Dell (July 2025)

The hacking group World Leaks exfiltrated 1.3 TB from Dell, including employee folders, infrastructure scripts, and source code, highlighting the risks posed by supply chain attacks.

Google Salesforce CRM (June 2025)

ShinyHunters compromised Google’s Salesforce CRM instance. Though core products remained unaffected, the breach exposed data related to prospective Google Ads customers, proving that even a small misstep in a third-party service can lead to significant exposure.

Apache Tomcat (April 2025)

CVE-2025-48989, the “Made You Reset” vulnerability in Apache Tomcat, demonstrates how weaknesses in widely used open-source software can affect thousands of applications.

Mercedes-Benz (January 2024)

A Mercedes-Benz employee’s authentication token appeared in a public GitHub repository since September 2023, granting unrestricted access to internal source code hosted on an internal GitHub Enterprise Server. The company attributed the leak to human error.

Samsung (May 2023)

Samsung engineers in the semiconductor division shared ChatGPT prompts containing source code for testing programs, chip sequences, and internal meeting notes. The incident raised concerns about using AI tools with sensitive information.

Twitter (March 2023)

A GitHub user uploaded snippets of Twitter’s internal code, revealing recommendation algorithms, moderation tools, and internal APIs. The code was quickly removed, but its origin remains unclear—suspected employee negligence or phishing.

Uber (September 2022)

LAPSUS$ purchased stolen employee credentials from the dark web, gaining VPN and admin access. They obtained Uber’s backend source code, driver-rider matching algorithms, and bug bounty reports containing unpatched vulnerabilities.

State of New York, Office of IT Services (June 2020)

A misconfigured Git repository exposed all projects to the internet, including server and database secrets. The misconfiguration allowed anyone to create a user account and log in with admin credentials.

adadad

How to Stop Source Code Leaks

From software supply chain attacks to human error, the leaks above are a stark reminder of the need for robust defenses across the entire software development lifecycle. Prevention strategies include:

  • Securing your software supply chain
  • Adopting secure coding practices
  • Implementing employee training programs
  • Enforcing access controls and multi-factor authentication (MFA)
  • Continuously monitoring and patching code
  • Developing an incident response plan before your code is leaked

For more details, download the full report, Top 25+ Source Code Leaks.

How Cycode Can Help

When code is leaked, organizations suffer. Code can be examined by malicious actors for defects to exploit or by competitors seeking trade secrets, and exposed secrets often give attackers an easy way into high-value targets. The good news is that Cycode can help you stop a leak before it occurs.

Cycode’s Agentic Development Security Platform combines application security testing, software supply chain security, secrets management, and AI-based risk assessment to provide comprehensive visibility across code, pipelines, cloud environments, and developer tooling. Cycode is the leading Application Security Posture Management (ASPM) platform, scaling and standardizing developer security without slowing down the business.

Want peace of mind that your source code is safe? Book a demo now.

adadad