
Secrets attacks and the governance gap teams keep missing


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 8534
Topic starter  

TL;DR: Secrets attacks keep turning exposed credentials, tokens, and keys into broad data breaches, with cases spanning CVS, Slack, Samsung, SolarWinds, and Microsoft, according to Entro Security. The real failure is not storage alone but missing lifecycle control, context, and revocation discipline across machine identities and privileged access.

NHIMG editorial — based on content published by Entro Security: 7 famous secrets attacks and their horrific outcomes

By the numbers:

Questions worth separating out

Q: How should security teams govern secrets that function as non-human identities?

A: Security teams should govern secrets as identities with ownership, scope, and lifecycle rules, not as static values stored in a vault.

Q: Why do exposed secrets create lateral movement risk even when the initial leak seems minor?

A: A leaked secret often carries the exact permissions needed to authenticate into other systems without further exploitation.

Q: What breaks when secrets are protected only by a central vault?

A: A vault solves storage, but not ownership, usage tracking, or revocation discipline across all places secrets travel.

Practitioner guidance

  • Inventory secrets as governed identities: Assign an owner, business purpose, system scope, and expiry expectation to every credential, token, key, and certificate.
  • Expand discovery beyond source code: Scan collaboration tools, ticketing systems, CI/CD runners, infrastructure templates, and application configuration files for exposed secrets.
  • Prioritise revocation over detection alone: Build workflows that invalidate exposed secrets automatically when discovery triggers.

What's in the full article

Entro Security's full blog post covers the operational detail this post intentionally leaves for the source:

  • Detailed incident-by-incident narratives for the seven secrets attacks, including breach context and outcomes
  • The vendor's recommended secrets management approach for reducing exposure and improving response
  • Examples of how metadata, access controls, and rotation support faster investigation and containment
  • Additional related articles on secrets risk in GitHub, Azure, and supply-chain environments

👉 Read Entro Security's analysis of seven famous secrets attacks and their outcomes →

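Added example, not part of either post and not code from Entro Security: a small scanner of the kind the "Expand discovery beyond source code" bullet calls for, run over constructed Slack, Jira, CI workflow, .env and wiki snippets. The token formats, the entropy threshold and the placeholder list are this example's assumptions (a real scanner carries hundreds of vendor patterns); the AWS key is the placeholder AWS itself documents.

```python
"""Added example (not from the original post or Entro Security's article):
scanning non-code artefacts for exposed secrets. Token formats and sample
inputs are constructed for illustration."""
import math
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Provider-specific formats. These patterns are this example's assumptions,
# not a vendor rule set; production scanners maintain hundreds of them.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "slack_bot_token": re.compile(r"\bxoxb-[0-9]{10,13}-[0-9]{10,13}-[A-Za-z0-9]{24}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Generic "password = ..." assignments: reported only when the value has the
# entropy of a real credential and is not an obvious placeholder or reference.
ASSIGNMENT = re.compile(
    r"(?i)(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*[\"']?([A-Za-z0-9+/=_\-]{12,})"
)
PLACEHOLDER = re.compile(r"(?i)changeme|example|placeholder|dummy|xxxx|<[^>]+>|\$\{")
MIN_ENTROPY_BITS = 3.5  # per-character Shannon entropy; tune against your own corpus


@dataclass(frozen=True)
class Finding:
    source: str    # where the secret was found (channel, ticket, file)
    kind: str      # which pattern matched
    value: str     # the matched value; hash or redact before storing for real
    line_no: int


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random tokens score high, words score low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(source: str, text: str) -> List[Finding]:
    findings: List[Finding] = []
    for line_no, line in enumerate(text.splitlines(), 1):
        seen: List[str] = []
        for kind, pat in PATTERNS.items():
            for m in pat.finditer(line):
                findings.append(Finding(source, kind, m.group(0), line_no))
                seen.append(m.group(0))
        for m in ASSIGNMENT.finditer(line):
            value = m.group(1)
            if any(value in s or s in value for s in seen):
                continue  # already reported under a provider-specific pattern
            if PLACEHOLDER.search(value) or shannon_entropy(value) < MIN_ENTROPY_BITS:
                continue  # placeholder, variable reference, or too regular to be a credential
            findings.append(Finding(source, "generic_credential", value, line_no))
    return findings


def scan_sources(sources: Dict[str, str]) -> List[Finding]:
    """Scan every artefact in a {source_name: text} map."""
    findings: List[Finding] = []
    for name, text in sources.items():
        findings.extend(scan_text(name, text))
    return findings


# Constructed inputs standing in for exports from chat, ticketing, CI and a wiki.
SAMPLES = {
    "slack:#deploys": "can someone rotate this? AKIAIOSFODNN7EXAMPLE is still in the runner env",
    "jira:OPS-1234": "Workaround: export GITHUB_TOKEN=ghp_0123456789abcdefghijABCDEFGHIJklmnop",
    "ci:.github/workflows/deploy.yml": (
        "env:\n"
        "  token: ${{ secrets.DEPLOY_TOKEN }}\n"   # a reference, not a secret: must not fire
        "  SLACK_TOKEN: xoxb-1234567890-1234567890-abcdefghijklmnopqrstuvwx"
    ),
    "config:app/.env": 'API_KEY=changeme-placeholder\npassword = "k8Zq2mP9vX4tL1wN"',
    "wiki:onboarding": "-----BEGIN RSA PRIVATE KEY-----\nMIIE...\n-----END RSA PRIVATE KEY-----",
}

if __name__ == "__main__":
    for f in scan_sources(SAMPLES):
        print(f"{f.source}:{f.line_no} {f.kind} {f.value[:8]}...")
```

Running it reports five findings across five non-code sources, while the `${{ secrets.DEPLOY_TOKEN }}` reference and the `changeme` placeholder are correctly skipped; the same `Finding` records are what a revocation workflow would consume.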



   
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 7990
 

Secrets management is ultimately NHI governance, not storage management. The article's examples show that a secret becomes a living access path the moment it can authenticate a workload, signing process, or integration. That means the real governance question is whether the organisation can name the identity behind the secret, define its scope, and retire it when the business use ends. Practitioners should stop treating secrets as inert objects and manage them as non-human identities.

A few things that frame the scale:

  • 28% of secrets incidents now originate outside code repositories, in Slack, Jira, and Confluence, and are 13% more likely to be categorised as critical than code-based leaks, according to The State of Secrets Sprawl 2026.
  • The same report found that 24,008 unique secrets were exposed in MCP configuration files in 2025 alone, which shows how quickly identity risk follows new integration surfaces.

A question worth separating out:

Q: How do organisations decide which secrets incidents need immediate action?

A: Prioritise secrets that are still valid, linked to privileged access, or embedded in high-reach systems such as CI/CD, code signing, and vendor integrations. A credential with broad trust and no current owner should be treated as urgent even if the leak appears small. The key is to measure exploitability, not just volume.

👉 Read our full editorial: Secrets attacks expose the governance gaps behind data breaches



   
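Added example illustrating the triage rule in the reply above (valid, privileged, high-reach, ownerless first) together with the "revoke on discovery" workflow from the opening post. It is not code from either poster or from Entro Security. The inventory records, the leaked values, and the validity check are constructed stand-ins; a real deployment would replace `is_still_valid` and `revoke` with calls to the issuing system.

```python
"""Added example: triage leaked secrets by exploitability and revoke the ones
that still authenticate. Inventory, leaked values and the validity oracle are
constructed; nothing here comes from the original posts."""
import hashlib
from dataclasses import dataclass
from datetime import date
from enum import IntEnum
from typing import Dict, List, Optional, Tuple


class Urgency(IntEnum):
    RECORD = 0    # already invalid: log the exposure, no action needed
    MEDIUM = 1    # valid but owned, narrow and expiring: rotate in the normal cycle
    HIGH = 2      # valid plus one or two risk factors: revoke now
    CRITICAL = 3  # valid plus three or more factors, or unknown to inventory: revoke and page


@dataclass(frozen=True)
class SecretIdentity:
    """Inventory record: the secret governed as an identity, never as a value."""
    fingerprint: str            # sha256 prefix of the value; the value is not stored
    owner: Optional[str]        # accountable team, None when nobody has claimed it
    scope: str                  # permission level the credential carries
    system: str                 # what it authenticates into
    expires_on: Optional[date]  # None means no expiry was ever set


PRIVILEGED_SCOPES = {"admin", "write", "deploy", "sign"}
HIGH_REACH_SYSTEMS = {"ci", "code-signing", "vendor-integration", "cloud-iam"}


def fingerprint(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()[:16]


def triage(identity: Optional[SecretIdentity], still_valid: bool) -> Tuple[Urgency, List[str]]:
    """Score exploitability: validity first, then privilege, reach and ownership."""
    if not still_valid:
        return Urgency.RECORD, ["already revoked or expired"]
    if identity is None:
        # Nobody owns it and its scope is unknown: the ownerless, broad-trust case.
        return Urgency.CRITICAL, ["valid", "not in inventory: owner and scope unknown"]
    factors: List[str] = []
    if identity.scope in PRIVILEGED_SCOPES:
        factors.append(f"privileged scope: {identity.scope}")
    if identity.system in HIGH_REACH_SYSTEMS:
        factors.append(f"high-reach system: {identity.system}")
    if identity.owner is None:
        factors.append("no current owner")
    if identity.expires_on is None:
        factors.append("no expiry set")
    level = Urgency.CRITICAL if len(factors) >= 3 else Urgency.HIGH if factors else Urgency.MEDIUM
    return level, ["valid"] + factors


def respond(leaks, inventory, is_still_valid, revoke) -> List[dict]:
    """Feed discovery output through triage; revoke anything rated HIGH or above."""
    results = []
    for source, value in leaks:
        fp = fingerprint(value)
        level, reasons = triage(inventory.get(fp), is_still_valid(fp))
        revoked = level >= Urgency.HIGH
        if revoked:
            revoke(fp)
        results.append({"source": source, "fingerprint": fp, "urgency": level,
                        "reasons": reasons, "revoked": revoked})
    # Work the queue by exploitability, not by how many copies a source leaked.
    results.sort(key=lambda r: r["urgency"], reverse=True)
    return results


# ---- constructed scenario: one live signing token vs. fifty copies of a dead one ----
SIGNING_TOKEN = "constructed-signing-token-1"     # valid, ownerless, no expiry, signs releases
EXPIRED_DEV_TOKEN = "constructed-dev-token-2"     # expired sandbox token, pasted 50 times
READONLY_TOKEN = "constructed-readonly-token-3"   # valid, owned, read-only, expiring
UNKNOWN_TOKEN = "constructed-unknown-token-4"     # valid but never registered in inventory

INVENTORY: Dict[str, SecretIdentity] = {
    fingerprint(t): SecretIdentity(fingerprint(t), owner, scope, system, exp)
    for t, owner, scope, system, exp in [
        (SIGNING_TOKEN, None, "sign", "code-signing", None),
        (EXPIRED_DEV_TOKEN, "team-payments", "read", "dev-sandbox", date(2024, 1, 31)),
        (READONLY_TOKEN, "team-data", "read", "analytics-db", date(2026, 12, 31)),
    ]
}
# Stand-in for asking the issuing system whether a credential still authenticates.
STILL_ACTIVE = {fingerprint(SIGNING_TOKEN), fingerprint(READONLY_TOKEN), fingerprint(UNKNOWN_TOKEN)}
LEAKS = [("slack:#payments", EXPIRED_DEV_TOKEN)] * 50 + [
    ("jira:OPS-1234", SIGNING_TOKEN),
    ("confluence:runbook", READONLY_TOKEN),
    ("ci:job-logs", UNKNOWN_TOKEN),
]
REVOKED: List[str] = []  # stand-in for the issuing system's revocation endpoint


def run_demo() -> List[dict]:
    REVOKED.clear()
    return respond(LEAKS, INVENTORY, lambda fp: fp in STILL_ACTIVE, REVOKED.append)


if __name__ == "__main__":
    for r in run_demo()[:4]:
        print(r["urgency"].name, r["source"], "|", "; ".join(r["reasons"]), "| revoked" if r["revoked"] else "")
```

Fifty Slack copies of an expired sandbox token produce fifty RECORD entries and no action, while the single signing token (valid, privileged, high-reach, ownerless, non-expiring) and the unregistered token both come out CRITICAL and are revoked immediately; the owned read-only token stays valid and is queued for normal rotation. That ordering is the "exploitability, not volume" rule in executable form.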