CMS platforms and backup plugins occasionally dump configuration parameters into text files.
To help tailor further security advice, could you share you are currently running or what type of credentials were exposed? Share public link index of password txt patched