Massive Data Leak: Code Formatters Expose Secrets from Banks & Governments (2025)

An alarming number of secrets are being exposed online, and it's not just any secrets—they belong to banks, government entities, and tech organizations. But how is this happening? It's all due to code-formatting tools that are inadvertently leaking sensitive information.

Thousands of sensitive credentials and data have been left exposed in publicly accessible JSON snippets on JSONFormatter and CodeBeautify, two popular online tools used for code formatting and beautification. These snippets contain a treasure trove of information, including authentication keys, configuration data, and more.

Researchers uncovered a staggering 80,000 user pastes, amounting to over 5GB of data, through a feature called 'Recent Links'. This feature, meant for convenience, has become a security nightmare as it provides unrestricted access to anyone.

The impact is far-reaching, affecting organizations in critical sectors such as government, banking, healthcare, and cybersecurity. These sectors handle highly sensitive data, and the exposure of such information could have severe consequences.

Here's the catch: when users click 'save' on these platforms, the content is stored on the servers with a unique URL, but without any protection. This means anyone with the URL can access the data. And with a simple crawler, these URLs can be easily discovered.

The exposed data includes a wide range of sensitive information:
- Active Directory credentials
- Database and cloud login details
- Private keys and code repository tokens
- CI/CD secrets and payment gateway keys
- API tokens and SSH session recordings
- Personal data, including PII and KYC information

One example involves a cybersecurity company's sensitive configuration file containing encrypted credentials, SSL certificate keys, and hostnames. The researchers also found valid AWS credentials from a major financial exchange, raising questions about the security practices of these organizations.

To test the waters, the researchers planted fake AWS access keys on the platforms, and surprisingly, they were accessed even after the links expired. This indicates that threat actors are actively seeking such information.

Despite efforts to notify affected organizations, many have not addressed the issue. As a result, threat actors can still access these Recent Links, potentially leading to data breaches and other malicious activities.


Are these code-formatting platforms doing enough to protect user data?

Author: Sen. Emmett Berge