Credential exposure occurs when credentials appear in source code, public repositories, config files, or breach dumps — giving attackers valid credentials without brute force.
Check GitHub for accidentally committed credentials (truffleHog, git-secrets). HaveIBeenPwned monitors breach exposure. Rotate any exposed credentials immediately. Use secrets management vaults (HashiCorp Vault) not env files.