""What we found were highly sensitive API credentials left publicly exposed on public webpages. These act as access tokens that authorize applications to interact with third-party services, granting direct access to critical infrastructure like cloud platforms and payment providers.""
""A 'Global Systemically Important Financial Institution' exposed its cloud credentials directly on its webpages. This gave direct access to multiple core cloud infrastructure services, including databases and key management systems.""
An analysis of 10 million websites revealed nearly 2,000 exposed API credentials across 10,000 webpages. Researchers emphasized the need for dynamic analysis of production websites to understand the extent of the issue. The exposed credentials, which act as access tokens, grant direct access to critical services like cloud platforms and payment providers. Among the affected entities were multinational corporations and government agencies, including a global bank that exposed its cloud credentials, risking access to essential infrastructure.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]