The source code of Swedish e-government services from CGI's "E-plattform" has been leaked.

A threat actor sent us samples.

Our initial analysis shows the breached repositories originate from an internal CGI GitLab instance. The leak exposes architecture, microservices, and configurations for Sweden's digital public infrastructure.

Leaked files:

• Database passwords
• Email/SMTP passwords
• Keystore/truststore passwords & key passwords
• SHS credentials / keystore details
• Signe portal credentials/config
• Embedded Git credentials
• CGI staff data

Key components exposed:

• Mina Engagemang: Frontend and backend code (me-portals) for citizen-facing apps and case management.
• Signe & e-ID: E-signature portal configs, SAML/OpenSAML metadata (keyservice), and signing workflow templates.
• Företrädarregister: Authorization registry services (foreg) governing who can legally represent organizations.
• SHS Integration: Routing and config files (eintegration3) for secure inter-agency data exchange.

The leaked repos contain .git/config files with embedded credentials, severely elevating the risk of lateral movement or further supply chain compromise.