Two websites intended to help software developers format and structure their code have exposed thousands of login credentials, authentication keys, and other highly sensitive information.
Cybersecurity researchers found that this sensitive data belonged to organizations in many high-risk sectors like government, banking, and healthcare …
JSONFormatter and CodeBeautify are two online tools that allow software developers to paste in their code and have it turned into a more readable format. However, when they save their results to reference later, whatever they include in their links is left completely exposed to anyone.
The issue is that in many cases the links included embedded credentials, authentication keys, and other highly sensitive information that could enable hackers to gain access to those systems.
Bleeping Computer reports that cybersecurity company watchTowr found over five years’ worth of JSONformatter data and a year of CodeBeautify data containing a wide array of sensitive information.
Active Directory credentials
Database and cloud credentials
Private keys
Code repository tokens
CI/CD secrets
... continue reading