The Intern’s Laptop That Exposed an Entire Engineering Team

Here is what a single infected machine revealed about an entire company.

Routine domain search on LeakRadar. Tech startup. Around 50 employees.

12 credentials tied to that one email. All visible in plain text on LeakRadar.

GitHub Enterprise. GitLab. AWS Console. Slack. Jira. Confluence. Jenkins. Datadog.

Everything an engineering intern would touch during onboarding. All saved in Chrome. All captured by a stealer.

The intern's GitHub access was read-only. Limited damage.

But the URLs in LeakRadar revealed the entire internal tooling stack. Subdomains nobody would find through scanning.

A full map of engineering infrastructure from one laptop.

I searched for more employees on LeakRadar. Found 6 other engineering team members.

Same tools. Same URLs. But with higher privileges.

One had AWS admin access. One had Jenkins deploy credentials. One had production database access through a saved bookmark.

The intern's laptop was the index. The senior engineers' laptops were the payload.

Interns use personal laptops. BYOD policies. No endpoint protection.

They save every password because they are logging into 15 new tools in their first week.

One cracked game. One malicious download. One infected machine.

The stealer grabs everything and uploads it within minutes. LeakRadar indexes it within hours.

No alerts. No notifications. No breach disclosure.

The intern finished their internship 8 months ago. The credentials were still sitting in stealer logs.

Still valid. Still dangerous. Still searchable on LeakRadar.

Your newest, lowest-access employee can map your entire infrastructure.

Their saved passwords reveal what tools you use. Their URLs reveal subdomains you forgot existed.

One weak link exposes everyone.

Find your weak links on leakradar.io

Contents