Thousands of Secrets Leaked on Code Formatting Platforms
securityweek

JSONFormatter and CodeBeautify users exposed credentials, authentication keys, configuration information, private keys, and other secrets.


Users of code formatting platforms are exposing thousands of secrets and other types of sensitive information, attack surface management provider WatchTowr warns.
GitHub found roughly 39 million inadvertently leaked secrets across the platform last year, and previous research has revealed that secrets exposed on Git-based Source Code Management systems (SCMs) remain permanently leaked.
But users’ blunders extend beyond unknowingly hardcoding secrets in code published to public repositories. Every online tool used without proper code sanitization may lead to a leak. And threat actors are hunting them like hawks.
This is the conclusion WatchTowr reached after analyzing roughly 80,000 saved JSON files collected from JSONFormatter and CodeBeautify, platforms that users rely on to ‘beautify’ their code.
In its dataset, the outfit found thousands of sensitive secrets, including credentials, keys, tokens, configuration files, SSH session recordings ...
Copyright of this story solely belongs to securityweek.

