Over 80,000 credentials leaked on public code sites
More than 80,000 sensitive code snippets—think passwords, cloud keys, and even personal info—were left wide open on popular formatting sites like JSONFormatter and CodeBeautify.
The culprit? An unprotected "Recent Links" feature that made it way too easy for anyone to stumble across private data from banks, government offices, and tech firms.
Security researchers at watchTowr Labs spotted the leak stretching back as far as five years.
What exactly got exposed?
The leaks covered a lot: AWS keys, database logins—you name it.
Info came from all kinds of places: banks, healthcare providers, government agencies—even cybersecurity companies weren't spared.
How did this happen—and what now?
Because the sites used predictable URLs for sharing links, hackers could easily scrape them for secrets.
To test just how bad it was, researchers planted fake security credentials and saw hackers try to use them within two days.
Despite repeated warnings from watchTowr Labs about the risks (and the "Recent Links" feature still being live), many organizations haven't acted yet—leaving their sensitive info out in the open.