DevOops: Loose lips sink ships

Hackers love to travel the path of least resistance. That path is often littered with credentials which hackers clean up. How do these credentials end up in the hands of the hackers? How can you prevent it? And just how serious is it?