35% of exposed API keys still active, posing major security risks
Nightfall AI's research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year.
Companies that have embraced modern cloud, SaaS and GenAI environments have only just begun to uncover the hidden risks of secret sprawl, which occurs when sensitive information like API keys or passwords is spread to apps, files and messages where it doesn't belong.
In its research, Nightfall scanned hundreds of terabytes of data looking for sensitive secrets - passwords, API keys, database connection strings and cryptographic keys - shared across cloud systems and applications over the past year, and found more than 171,000 secrets exposed across SaaS apps, GenAI tools, email and endpoints.
While GitHub had the highest volume of secret sprawl, 54% of exposed secrets were found in other developer and productivity apps, including Confluence, Zendesk, Slack and Google Drive.
Passwords take the cake by comprising over half of detected secrets, with API keys following closely behind.
While Nightfall saw that passwords and API keys had slight variations in where they were sprawled, GitHub is the most likely place to find either of these categories of secrets, with 339 secrets shared per 100 employees per year.
News URL
https://www.helpnetsecurity.com/2024/08/13/api-keys-secrets/