The CIA and other US agencies hosted innocent looking sites (yoga, books) with secret login areas for covert communication. Iran found one of these of sites and used this to uncover ALL of them, probably through a shared piece of HTML. Agents then could be easily discovered by state monitoring of visitors to these sites. Iran shared this with China & other powers and at least 30 agents killed. Internal CIA reports said upwards of 70% of worldwide operations had been compromised.
John Reidy, a CIA contractor repeatedly raised warnings of these flaws before they were discovered by a foreign power but was ignored and fired.
This might be dipping into kooky internet conspiracy territory, but there's a theory that some former moderator of a highly controversial subreddit was involved with such a site.
https://www.youtube.com/watch?v=tF0dCNxfYHk