Compromised TLS Certificates of Fortune 500 Companies and Government Agencies Due to Key Leaks

A joint study by Google and GitGuardian uncovered over 2,600 valid TLS certificates linked to Fortune 500 companies and government agencies that were compromised due to private key leaks. The exposure occurred on public platforms, specifically GitHub and DockerHub, where sensitive cryptographic keys were inadvertently published. The leaked certificates were actively protecting organizational infrastructure, posing a risk of unauthorized access or impersonation. No specific dates, CVE IDs, or additional technical details about the affected systems were provided in the report. The findings highlight the scale of credential mismanagement in high-profile entities.