Researchers discover exposed API secrets, impacting major tech tokens
The exposed secrets include hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks.
This approach shows how and where API secret keys and tokens are exposed in real-world settings, not only in code repositories.
Keeping all tokens in a single location enables comprehensive monitoring of their usage.
Rotate tokens regularly: Frequently updating tokens can lessen the impact of a potential compromise.
Allocate tokens to specific teams or services: Assign each token to designated teams or services that require it.
Monitor token usage patterns: Actively observe how tokens are used to detect abnormal or suspicious activities.
News URL
https://www.helpnetsecurity.com/2024/02/05/exposed-api-secrets/