Researchers have discovered a major security leak hiding in plain sight on the internet that could expose the personal data and financial records of millions of people. In a paper published on the arXiv preprint server, Nurullah Demir of Stanford University and colleagues analyzed 10 million websites to see how often API (application programming interfaces) credentials are exposed. These are digital keys or tokens that enable different software programs to communicate and are often used to process bank payments and access cloud storage.
Yep. Use free tools like gitguardian, gitleaks, etc. and run them in pre-commit hooks. Makes it a lot easier to catch.
And if you leak one by accident, change it immediately. There are bots trolling sites and repos for this information.