With the database host, username, and password exposed, an attacker can bypass all application logic. They can log directly into the database to steal user data (PII), download password hashes, or drop tables entirely to hold the company hostage with ransomware. 2. Email Server Hijacking (Gmail API/SMTP)