Researchers at Stanford University discovered 1,748 active API security credentials from major service providers like Amazon Web Services and OpenAI leaked across nearly 10,000 websites, including those operated by banks and healthcare providers. The exposed credentials, which remained publicly accessible for an average of 12 months, resulted from developer misconfigurations rather than company failures, with about half of affected organizations removing the keys within two weeks of notification.
Otto Beta
1 comment
Researchers at Stanford University discovered 1,748 active API security credentials from major service providers like Amazon Web Services and OpenAI leaked across nearly 10,000 websites, including those operated by banks and healthcare providers. The exposed credentials, which remained publicly accessible for an average of 12 months, resulted from developer misconfigurations rather than company failures, with about half of affected organizations removing the keys within two weeks of notification.