| Follow @EthHackingNews |
Thousands of sensitive secrets have been leaked on popular code-formatting platforms, including JSONFormatter and CodeBeautify. This has led to widespread exposure of highly sensitive information, including credentials and private keys. The incident highlights the dangers of pasting sensitive credentials online and emphasizes the need for proactive threat intelligence and exposure management.
A recent investigation by WatchTowr has revealed a staggering array of sensitive secrets, including credentials and private keys, that were inadvertently published on JSONFormatter and CodeBeautify. These platforms, designed to help developers format and beautify their code, were fed secrets by users who failed to exercise basic security measures before saving their pastes, resulting in the widespread exposure of highly sensitive information.
The research team at WatchTowr analyzed a dataset of over 80,000 saved pieces of JSON that were scraped from JSONFormatter and CodeBeautify. By parsing this data, they identified thousands of leaked secrets, including AD credentials, cloud keys, private keys, API tokens, full API data, SSH recordings, and even a full AWS Secrets Manager export.
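The kind of check WatchTowr's parsing pass implies, written here as an added defensive example (not WatchTowr's tooling): before a JSON export leaves a workstation, or when reviewing pastes your own organisation has already saved, walk the document and flag credential-like leaves by field name, PEM private-key headers and the AWS access key ID format. The field-name list, the length threshold and the sample export are constructed assumptions.

```python
import json
import re

# Assumed, illustrative patterns; a production scanner would carry a far larger ruleset.
SECRET_KEY_RE = re.compile(
    r"(password|passwd|secret|token|api[_-]?key|private[_-]?key|access[_-]?key)", re.I)
PEM_RE = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")  # AWS access key ID format


def walk(node, path="$"):
    """Yield (json_path, value) for every scalar leaf in a parsed document."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield from walk(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}[{i}]")
    else:
        yield path, node


def find_secrets(blob: str) -> list[tuple[str, str]]:
    """Return (json_path, reason) for every leaf that looks like a credential."""
    try:
        leaves = list(walk(json.loads(blob)))
    except ValueError:
        leaves = [("$", blob)]  # not JSON: scan the raw paste as one string
    findings = []
    for path, value in leaves:
        if not isinstance(value, str):
            continue
        key = path.rsplit(".", 1)[-1]  # last path segment is the field name
        if PEM_RE.search(value):
            findings.append((path, "private key material"))
        elif AWS_KEY_RE.search(value):
            findings.append((path, "AWS access key id"))
        elif SECRET_KEY_RE.search(key) and len(value) >= 8:
            findings.append((path, "credential-like field name"))
    return findings


# Constructed sample resembling a secrets-manager export; every value is fake.
SAMPLE = json.dumps({
    "app": "billing",
    "db": {"host": "db.internal.example", "user": "svc_billing", "password": "Winter2024!"},
    "aws_access_key_id": "AKIAEXAMPLEEXAMPLE12",
    "ssh": "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAA...\n-----END OPENSSH PRIVATE KEY-----",
    "debug": False,
})
```

Running `find_secrets(SAMPLE)` reports the database password, the AWS key and the SSH key while ignoring the hostname, username and boolean; a non-JSON paste is scanned as plain text so PEM blocks are still caught.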
The investigation found that users unknowingly exposed their pasted content publicly through predictable, browsable URLs on these platforms. By scraping these legitimate pages and IDs, the researchers recovered vast amounts of historical data, including years' worth of uploads and over 5GB of content.
WatchTowr warned organizations and CERTs (Computer Emergency Response Teams) months ago about the potential for massive data leaks from code-formatting platforms. However, few responded to these warnings, leaving critical sectors such as government, finance, healthcare, telecoms, and CNI (Critical National Infrastructure) vulnerable to exploitation.
Examples of sensitive material that was leaked include encrypted Jenkins secrets tied to MITRE due to a student mishandling exports; a government PowerShell setup script revealing internal configurations; and a data-lake technology vendor leaking plain credentials for Docker, JFrog, Grafana, and databases.
The findings from WatchTowr's research highlight the dangers of pasting sensitive credentials online and emphasize the need for proactive threat intelligence and exposure management. The study concludes that while the publication of this research has not increased the risk attached to the already existing exposure of sensitive information, it serves as a stark reminder of the importance of secure coding practices.
"For those who have already begun writing vicious tweets and emails – today's publishing of this research has not increased the risk attached to the already existing exposure of this sensitive information in the reviewed platform," WatchTowr concludes. "Mostly because someone is already exploiting it, and this is all really, really stupid. We don't need more AI-driven agentic agent platforms; we need fewer critical organizations pasting credentials into random websites."
As security professionals, it is essential that we learn from these incidents and take proactive steps to prevent similar breaches in the future. By promoting secure coding practices and educating users about the risks associated with sharing sensitive information online, we can reduce the likelihood of such leaks and protect critical infrastructure.
Ultimately, this incident serves as a reminder that security is not just about reacting to threats, but also about taking preventive measures to mitigate them. By being vigilant and proactive, we can create a safer digital landscape for everyone.