Nearly 2,000 API credentials enabling access to AWS, OpenAI, GitHub, and Stripe accounts have been observed by Stanford University researchers to be exposed across 10,000 websites, reports Cybernews."You can think of them as usernames and passwords, but they are actually far more dangerous. They must be handled strictly securely, as their exposure directly endangers the organizations and their customers," said researcher Nurullah Demir. The affected enterprises also included a firmware developer for electronic devices, which had exposed repository credentials, and a global bank, with exposed cloud credentials. The credentials could be exploited to push malicious firmware or access core cloud infrastructure systems.Over 16% of all verified exposures are made up solely of AWS credentials. Majority of the credentials were in JavaScript resources, followed by HTML and JSON files. Affected organizations have reportedly been notified by researchers and soon after, the number of exposed API keys has decreased by half.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




