A simple coding mistake is exposing API keys across thousands of websites

Source: DigitalTrends

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, Stripe, and OpenAI.

This is a serious issue because APIs act as the backbone of the apps we use today. They allow websites to connect to services like payments, cloud storage, and AI tools, but they rely on digital keys to stay secure. Once exposed, API keys can allow anyone to interact with those services with malicious intent.

Sensitive API keys exposed across thousands of sites

According to TechXplore, the researchers identified 1,748 unique API credentials across nearly 10,000 webpages, tied to 14 major service providers. These leaks were not limited to obscure sites, with some appearing on platforms run by global banks and major software developers.

Around 84% of these leaks came from JavaScript files, which are easily accessible through a browser. This means the credentials were effectively sitting in publicly visible code. Even more concerning is how long these keys remained exposed. Some were visible for up to 12 months, while a few rare cases showed credentials staying public for several years without detection.

So, what’s causing these leaks?

The study makes it clear that the problem does not lie with service providers like Amazon, Stripe, or OpenAI. Instead, the issue stems from how developers handle API keys. In many cases, developers accidentally include private API credentials in the front-end code of a website, leaving it visible to anyone who knows where to look.

How to stop API keys from being exposed?

To prevent future leaks, the researchers suggest a few practical steps. Developers should scan the live version of their websites, and not just private code, to catch exposed keys. With the rise of vibecoding, companies need stricter rules for automated website-building tools that handle sensitive data during deployment. This is also why platforms like Lovable have started adding safe browsing tools to protect users from poorly vibecoded websites.
Meanwhile, service providers need to improve detection systems to flag exposed keys the moment they appear online. Although responsible disclosure helped reduce some of these leaks, the scale of the issue remains significant. Recent reports have also shown how simply visiting a website can expose your device to serious risks, highlighting how fragile web security can be for everyday internet users.
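The advice to scan the live site, where most leaks sat in served JavaScript, can be sketched as follows. This is an added example, not code from the article or the study; the key patterns are approximations of the providers' public formats, and the `shop.example` pages and every key in them are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Approximate credential formats (assumed for this example; tune per provider).
# Stripe pk_live_ publishable keys are meant for front-end use, so they are not flagged.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "stripe_secret_key": re.compile(r"\b[sr]k_live_[0-9A-Za-z]{24,}"),
    "openai_api_key": re.compile(r"\bsk-(?:proj-)?[A-Za-z0-9_-]{20,}"),
}

class ScriptSrcs(HTMLParser):
    """Collects the src of every <script> tag so the served bundles get scanned too."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.srcs.append(src)

def redact(secret):
    # Report enough to locate the key without copying it into logs.
    return secret[:8] + "..." + secret[-4:]

def scan_text(source, text):
    return [(source, kind, redact(m.group()))
            for kind, rx in PATTERNS.items() for m in rx.finditer(text)]

def scan_deployment(page_url, fetch):
    """Scan the page as served, then each script it references."""
    html = fetch(page_url)
    parser = ScriptSrcs()
    parser.feed(html)
    findings = scan_text(page_url, html)
    for src in parser.srcs:
        asset = urljoin(page_url, src)
        findings += scan_text(asset, fetch(asset))
    return findings

# Constructed sample deployment; every key below is fake.
FAKE_AWS = "AKIA" + "A1B2C3D4E5F6G7H8"
FAKE_STRIPE_SECRET = "sk_live_" + "0" * 24
FAKE_STRIPE_PUB = "pk_live_" + "1" * 24
SITE = {
    "https://shop.example/": '<script src="/static/app.js"></script>'
                             '<script>var pk="%s";</script>' % FAKE_STRIPE_PUB,
    "https://shop.example/static/app.js": 'const s3={accessKeyId:"%s"};const k="%s";'
                                          % (FAKE_AWS, FAKE_STRIPE_SECRET),
}
FINDINGS = scan_deployment("https://shop.example/", SITE.__getitem__)
```

To run it against your own deployment, pass a `fetch` callable that performs the HTTP request instead of the dictionary lookup used here.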
