Researchers discovered a.git folder exposing passwords and more for a website that gives advice to organizations about complying with the General Data Protection Regulation (GDPR) rules. The site is operated by Proton Technologies AG, the company behind end-to-end encrypted mail service ProtonMail. The issue was easily found, quickly fixed, so a result all round, said researchers with Pen Test Partners. Researchers urge website administrators to remove the.git directory from their sites to improve security.
Source: https://threatpost.com/data-leak-gdpr-advice-site/155199/