Code Beautifiers Expose Credentials From Banks, Govt, Tech Orgs
Thousands of credentials, authentication keys, and configuration data impacting organizations in sensitive sectors have been sitting in publicly accessible JSON snippets submitted to the JSONFormatter and CodeBeautify online tools that format and structure code.
Researchers found more than 80,000 user pastes, totaling over 5GB, exposed through a feature called Recent Links that both services provide and that anyone can browse without logging in.
Some of the companies and organizations with sensitive data leaked this way are in high-risk sectors like government, critical infrastructure, banking, insurance, aerospace, healthcare, education, cybersecurity, and telecommunications.
Researchers at external attack surface management company watchTowr examined the JSONFormatter and CodeBeautify online platforms and found that their Recent Links feature exposed JSON snippets that users had saved on the services' servers for temporary sharing.
When a user clicks the 'save' button, the platform generates a unique URL for that snippet and lists it on the Recent Links page. That page has no authentication or access control in front of it, so anything saved there is readable by anyone who finds the link.
Because Recent Links pages follow a structured, predictable URL format, they can be enumerated with a simple crawler rather than guessed one at a time.
By scraping these public Recent Links pages and then pulling the raw content of each entry through the platforms' getDataFromID API endpoints, watchTowr collected over 80,000 user pastes, covering five years of JSONFormatter data and one year of CodeBeautify data, many of which contained sensitive details.
In one case, the researchers found "materially sensitive information" from a cybersecurity company that could be easily identified. The content included "encrypted credentials for a very sensitive configuration file," SSL certificate private key passwords, external and internal hostnames and IP addresses, and paths to keys, certificates, and configuration files.
Pastes from a government entity included 1,000 lines of PowerShell code that configured a new host by fetching installers, "configuring registry keys, hardening configurations, and finally deploying a web app."
Even though the script did not include sensitive data as such, watchTowr says it still held information valuable to an attacker, such as details about internal endpoints, IIS configuration values and properties, and the hardening settings along with their corresponding registry keys.
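The collection-and-triage loop described above, as an added example that is not part of the article and not watchTowr's tooling: it extracts paste IDs from a Recent Links listing page, then classifies what each paste body exposes, distinguishing outright secrets (credential-named JSON fields, PEM private keys, JWTs, AWS key IDs) from the "no secrets, still useful" category the government PowerShell paste falls into (internal hostnames, private IPs, registry keys). The listing markup, the `?id=` parameter, the paste bodies, and every hostname, IP, key and token in them are constructed for this example; the article does not give the services' real URL layout or the parameters of their getDataFromID endpoints, so the network fetch step is deliberately omitted and the script works on a listing page and paste bodies already in hand.

```python
"""Triage pastes recovered from a public 'Recent Links' listing.

Constructed example, not watchTowr's tooling. The listing HTML, the paste
IDs and the paste bodies are made up. The real services' URL layout is not
given in the article, so the id-extraction regex is an assumption.
"""
import ipaddress
import json
import re

# Assumed listing markup: anchors of the form <a href=".../?id=<pasteid>">.
LISTING_ID_RE = re.compile(r'href="[^"]*[?&]id=([A-Za-z0-9]+)"')

# JSON keys that usually hold credentials or key material (tune for your data).
SECRET_KEY_RE = re.compile(
    r"(password|passwd|passphrase|secret|token|api[_-]?key|private[_-]?key|"
    r"connection[_-]?string)", re.I)

# Value-shape patterns that are sensitive or attacker-useful regardless of key name.
VALUE_PATTERNS = {
    "pem_private_key": re.compile(r"-----BEGIN (?:[A-Z ]+ )?PRIVATE KEY-----"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\b"),
    "registry_key": re.compile(r"HK(?:LM|CU|EY_[A-Z_]+):?\\[^\s'\"]+"),
}
HOST_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.(?:internal|local|corp|lan)\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def paste_ids_from_listing(html):
    """Return paste IDs found in a Recent Links listing page, deduplicated, in order."""
    seen, ids = set(), []
    for pid in LISTING_ID_RE.findall(html):
        if pid not in seen:
            seen.add(pid)
            ids.append(pid)
    return ids


def _walk(obj, path=""):
    """Yield (dotted_path, value) for every leaf of a parsed JSON document."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk(v, f"{path}.{k}" if path else str(k))
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk(v, f"{path}[{i}]")
    else:
        yield path, obj


def triage(paste):
    """Classify what one paste exposes.

    JSON pastes get key-aware scanning; anything else (e.g. a PowerShell
    script) falls back to regex scanning of the raw text.
    """
    findings = {"secret_fields": [], "pattern_hits": [], "internal_hosts": [], "private_ips": []}
    try:
        doc = json.loads(paste)
    except ValueError:
        doc = None
    if doc is not None:
        for path, value in _walk(doc):
            leaf = path.rsplit(".", 1)[-1]
            if SECRET_KEY_RE.search(leaf) and value not in ("", None):
                findings["secret_fields"].append(path)
    for name, rx in VALUE_PATTERNS.items():
        for match in rx.findall(paste):
            findings["pattern_hits"].append((name, match))
    findings["internal_hosts"] = sorted(set(HOST_RE.findall(paste)))
    for ip in set(IPV4_RE.findall(paste)):
        try:
            if ipaddress.ip_address(ip).is_private:
                findings["private_ips"].append(ip)
        except ValueError:
            pass
    findings["private_ips"].sort()
    return findings


# Constructed sample listing and pastes (not real data).
SAMPLE_LISTING = """
<ul class="recent">
  <li><a href="https://example.invalid/jsonformatter/?id=a1b2c3d4">a1b2c3d4</a></li>
  <li><a href="https://example.invalid/jsonformatter/?id=e5f6g7h8">e5f6g7h8</a></li>
  <li><a href="https://example.invalid/jsonformatter/?id=a1b2c3d4">dup</a></li>
</ul>
"""
SAMPLE_CONFIG_PASTE = json.dumps({
    "db": {"host": "db01.corp.internal", "user": "svc_app", "password": "Winter2024!"},
    "ssl": {"cert": "/etc/pki/app.crt", "key": "/etc/pki/app.key", "key_password": "changeit"},
    "api": {"endpoint": "https://10.20.30.40/api",
            "token": "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzdmNfYXBwIn0.c2lnbmF0dXJlX2JpdHNfaGVyZQ"},
})
SAMPLE_PS_PASTE = r"""
Invoke-WebRequest -Uri http://deploy01.corp.lan/installers/agent.msi -OutFile C:\tmp\agent.msi
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name RunAsPPL -Value 1
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name SMB1 -Value 0
"""

if __name__ == "__main__":
    print("paste ids:", paste_ids_from_listing(SAMPLE_LISTING))
    for label, body in (("config", SAMPLE_CONFIG_PASTE), ("powershell", SAMPLE_PS_PASTE)):
        print(label, json.dumps(triage(body), indent=2))
```

The JSON path list is what you would hand to the owning team for rotation; the host, IP and registry-key lists are what an attacker reads for free even when no credential is present, which is the point the government PowerShell paste illustrates.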
Source: BleepingComputer