A forum user has allegedly leaked source code belonging to Paidwork, a task monetization and online earning platform, claiming the archive contains internal application code, exposed configuration files, API keys, database credentials, and private certificates tied to production infrastructure.
The post appeared on May 26 and included a screenshot showing several compressed project directories allegedly associated with Paidwork backend services and APIs. The actor claimed the leaked archive contains hardcoded credentials for both staging and production environments alongside internal service tokens and certificate material.
Unlike typical database leak claims focused on customer information, the alleged exposure could present operational security risks if any credentials or keys remain valid. Source code leaks involving active infrastructure secrets can potentially enable unauthorized access to internal systems, API abuse, or follow-on compromise attempts against connected services.
Alleged archive includes infrastructure secrets
According to the forum post, the leaked files allegedly contain exposed environment configurations, API credentials, database passwords, private keys, and internal certificate material tied to Paidwork systems.
The screenshot shared by the actor appeared to reference multiple archived directories allegedly tied to Paidwork APIs, advertising systems, and backend components.
BreachNews has not independently verified the authenticity of the source code or confirmed whether any of the allegedly exposed credentials remain active.
At the time of publication, Paidwork had not issued any public statement regarding the alleged leak.
Source code leaks create elevated downstream risk
Source code exposures involving embedded credentials can present broader risks than conventional database leaks because they may provide insight into internal infrastructure, authentication systems, deployment logic, API integrations, and cloud environments.
Attackers frequently search leaked repositories for reusable secrets, cloud access keys, internal endpoints, and authentication tokens that can be leveraged in follow-on attacks.
The forum account behind the post appears relatively new with limited posting history, making the overall credibility of the claim difficult to independently assess. However, the inclusion of infrastructure-related material such as configuration files and certificates may increase the potential severity if authentic.
The incident also follows a broader rise in threat actors advertising alleged source code archives, developer credentials, and internal repositories on underground forums amid ongoing supply chain targeting across the software ecosystem.