Thousands of sensitive credentials and configuration data have been exposed through publicly accessible JSON snippets on online formatting tools, putting organizations in high-risk sectors at serious threat. Researchers found over 80,000 user pastes containing critical information, including API tokens, private keys, and PII, accessible via the platforms’ unsecured Recent Links feature. #JSONFormatter #CodeBeautify #SensitiveDataExposure
Keypoints
- Online formatting tools like JSONFormatter and CodeBeautify inadvertently expose sensitive data through their Recent Links feature.
- Researchers collected over 80,000 pastes containing critical credentials and PII spanning five years of data.
- High-risk sectors such as government, finance, and cybersecurity are among those impacted by the data leaks.
- Threat actors have attempted to access these exposed credentials using honeypots set up by researchers.
- Many affected organizations have not yet responded or remediated the exposed data, leaving it vulnerable to attacks.