More than 80,000 files with sensitive data, including usernames, passwords, Active Directory credentials, API keys, and LDAP configuration details, belonging to government, healthcare, cybersecurity, telecommunications, and critical national infrastructure have been leaked by online tools JSONFormatter and CodeBeautify, according to The Hacker News.Apart from enabling formatted JSON structure or code saving, both JSONFormatter and CodeBeautify offer a Recent Links page with a predictable URL format that could enable the retrieval of a cybersecurity firm's encrypted credentials for configuration files, banks' Know Your Customer data and AD credenitals, as well as a leading financial exchange's Splunk-related AWS credentials, reported watchTowr Labs researchers.Meanwhile, counterfeit AWS access keys uploaded to the tool were subjected to attempted exploitation within 48 hours of being saved, suggesting active scraping of data saved in the tools. Such save functionality has since been deactivated by JSONFormatter and CodeBeautify, which noted ongoing efforts to improve the feature.
Data Security, DevOps, Supply chain
Code formatters prompt expansive critical infrastructure secret exposure

(Adobe Stock)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



