Here is what a single infected machine, found through LeakRadar.io, revealed about an entire company.

The search

Routine domain search on LeakRadar. Tech startup. Around 50 employees.

One email stood out. Intern address format: firstname.lastname.intern@company.com

12 credentials tied to that one email.

What the intern had saved

GitHub Enterprise. GitLab. AWS Console. Slack. Jira. Confluence. Jenkins. Datadog.

Everything an engineering intern would touch during onboarding. All saved in Chrome. All captured by a stealer.

The blast radius

The intern's GitHub access was read-only. Limited damage.

But the URLs revealed the entire internal tooling stack. Subdomains nobody would find through scanning.

ci.internal.company.com
deploy.company.com
metrics.internal.company.com
wiki.engineering.company.com

A full map of engineering infrastructure from one laptop.

It got worse

I searched for more employees on the same domain. Found 6 other engineering team members.

Same tools. Same URLs. But with higher privileges.

One had AWS admin access. One had Jenkins deploy credentials. One had production database access through a saved bookmark.

The intern's laptop was the index. The senior engineers' laptops were the payload.

How it happens

Interns use personal laptops. BYOD policies. No endpoint protection.

They save every password because they are logging into 15 new tools in their first week.

One cracked game. One malicious download. One infected machine.

The stealer grabs everything and uploads it within minutes.

The company had no idea

No alerts. No notifications. No breach disclosure.

The intern finished their internship 8 months ago. The credentials were still sitting in stealer logs.

Still valid. Still dangerous.

The lesson

Your newest, lowest-access employee can map your entire infrastructure.

Their saved passwords reveal what tools you use. Their URLs reveal subdomains you forgot existed.

One weak link exposes everyone.
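
The same data can be triaged from the defender's side: which accounts are exposed, which company hostnames the saved URLs reveal, and which departed users still appear. The sketch below is an added example, not part of the original post or LeakRadar's tooling; the CSV columns, sample accounts and offboarding list are constructed assumptions.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample export (hypothetical columns: url, username). Passwords are
# deliberately left out: triage only needs to know what was exposed, not the secret.
SAMPLE_EXPORT = """url,username
https://ci.internal.company.com/login,jane.doe.intern@company.com
https://wiki.engineering.company.com/,jane.doe.intern@company.com
https://deploy.company.com/auth,sam.lee@company.com
https://metrics.internal.company.com/login,sam.lee@company.com
https://github.com/login,jane.doe.intern@company.com
"""

# Constructed offboarding list, e.g. pulled from HR or the identity provider.
OFFBOARDED = {"jane.doe.intern@company.com"}


def triage(export_text, domain, offboarded):
    """Summarise exposure: hosts per account, exposed company hostnames, stale accounts."""
    by_account = defaultdict(set)
    company_hosts = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        host = (urlsplit(row["url"].strip()).hostname or "").lower()
        user = row["username"].strip().lower()
        if not host or not user.endswith("@" + domain):
            continue  # skip malformed rows and accounts outside our domain
        by_account[user].add(host)
        # Exact match or a true subdomain; "evilcompany.com" must not match.
        if host == domain or host.endswith("." + domain):
            company_hosts.add(host)
    # Departed users whose saved logins are still circulating: rotate/disable first.
    stale = sorted(u for u in by_account if u in offboarded)
    return dict(by_account), sorted(company_hosts), stale


if __name__ == "__main__":
    accounts, hosts, stale = triage(SAMPLE_EXPORT, "company.com", OFFBOARDED)
    for user, seen in sorted(accounts.items()):
        print(f"{user}: {len(seen)} saved logins")
    print("Company hostnames exposed:", ", ".join(hosts))
    print("Offboarded accounts still present:", ", ".join(stale))
```

Every hostname in the second list is a candidate for an access review, and every account in the third needs its credentials rotated or disabled regardless of how long ago the person left.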

Find your weak links on leakradar.io