Today while checking out stackoverflow I came across another post made seemingly newly created account. This user was struggling to get task done and in turn went to defacto website on internet to seek help. Little did he know while posting his code he could make mistake so obviously yet dangerous enough to make his whole organization on his knees while world already grappling with cyber attacks from notorious groups already.
Sometimes they also just leave them sitting exposed in their github repo and then go around posting links to their repo everywhere!