80,000+ Passwords and API Keys Exposed from JSONFormatter and CodeBeautify Leaks
Researchers report that governments, banks, tech firms, critical infrastructure and other organizations are pasting passwords and credentials into popular online tools such as JSONFormatter and CodeBeautify, which are used to format and validate code.
More than 80,000 files on these sites have been captured, containing thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, FTP credentials, cloud environment keys, LDAP configuration information, helpdesk API keys, meeting room API keys, SSH session recordings, and various personal information.
More details can be found here: https://labs.watchtowr.com/stop-putting-your-passwords-into-random-websites-yes-seriously-you-are-the-problem/
Martin Jartelius, AI Product Director at Outpost24, provided the following comments:
“This is why platforms such as Pastebin and others are actively monitored: they are sometimes used by hackers, but far more often used by people who just need to share something quickly. We can tell users again and again not to do these things, but unless we provide stable, easily accessible tools within the organization we monitor and manage, it will keep happening. In essence, if you use a service on the internet that is not provided by your organization, ask yourself whether what you are sending is something you could openly share with anyone in a public space or on public transportation. If the answer is no, please do not upload it. For security departments: identify where these solutions are being used and provide a better, internal, secure alternative. Blocking efficiency will lead to users working around you; strong, secure solutions will make them work with you.”
This is good advice, and following it is a great way to ensure that your organization stays as secure as possible.
This entry was posted on November 27, 2025 at 1:05 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.