
Claude Code Cross-User Data Leak 2026: What Happened and How to Protect Yourself
If you use Claude Code in production, stop and read this. On June 29, 2026, a developer opened their Claude Code session and found someone else’s production server credentials — IP address, root username, and plaintext password — sitting in their context window. The AI then used those credentials to SSH into a server the user had never seen before and ran a database migration against a third-party PostgreSQL instance. ...