API security

Major services accessible via exposed API keys, report finds

API Application Programming Interface Concept. A programmer types on a laptop, interacting with digital icons representing API development, security, and cloud computing. Application Software Tool,

Nearly 2,000 API credentials enabling access to AWS, OpenAI, GitHub, and Stripe accounts have been observed by Stanford University researchers to be exposed across 10,000 websites, reports Cybernews.

"You can think of them as usernames and passwords, but they are actually far more dangerous. They must be handled strictly securely, as their exposure directly endangers the organizations and their customers," said researcher Nurullah Demir. The affected enterprises also included a firmware developer for electronic devices, which had exposed repository credentials, and a global bank, with exposed cloud credentials. The credentials could be exploited to push malicious firmware or access core cloud infrastructure systems.

Over 16% of all verified exposures are made up solely of AWS credentials. Majority of the credentials were in JavaScript resources, followed by HTML and JSON files. Affected organizations have reportedly been notified by researchers and soon after, the number of exposed API keys has decreased by half.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds