Hackread reports that more than 30,000 internet-exposed instances of Postman Workspace, a widely used cloud-based API development and testing platform, had API keys, tokens, and admin credentials exposed as a result of access control misconfiguration, accidental sharing of Postman collections, syncing to public repositories, and unencrypted storage of plaintext data.
Most of the leaked secrets were from api.github.com, followed by slack.com, hooks.slack.com, salesforce.com, and login.microsoftonline.com, with sensitive information affecting the healthcare, financial services, and athletic clothing sectors, according to a year-long probe by CloudSEK’s TRIAD team.
Increased data compromise and social-engineering intrusions stemming from API exposure have prompted the researchers to urge organizations to use secret management systems and environment variables, rotate tokens consistently, restrict permissions, and check collections for secrets before sharing them.
The findings come after Postman began removing public workspaces with exposed secrets from its public API network in June.
“As we roll out this policy change, owners of public workspaces containing secrets will be notified and have the opportunity to remove their exposed secrets before that workspace is removed from the network,” Postman said.
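One way to act on the recommendation above to check a collection for secrets before sharing it, as an added example that is not code from Hackread, CloudSEK or Postman: the script walks a Postman collection export, reports credential headers and Slack webhook URLs that still carry literal values, and rewrites them as {{variable}} references so the secret is supplied from an environment instead of travelling with the collection. The header names, regular expressions and the sample collection are assumptions.

```python
"""Pre-share check for a Postman collection export: flags credential headers and webhook
URLs holding a literal rather than a {{variable}} reference, and rewrites them into vars."""
import json
import re
SENSITIVE_HEADERS = {"authorization", "x-api-key", "x-auth-token", "api-key"}
VAR_REF = re.compile(r"\{\{[^{}]+\}\}")                  # Postman {{variable}} reference
LITERAL_TOKEN = re.compile(r"[A-Za-z0-9_\-+/=]{16,}")   # secret-shaped run of characters
WEBHOOK_URL = re.compile(r"https://hooks\.slack\.com/services/[^\s{]+")  # literal hook path

# Added example, not Postman's code. Constructed sample export; every token value is made up.
SAMPLE = {"item": [
    {"name": "list repos", "request": {"method": "GET", "url": "https://api.github.com/user/repos",
        "header": [{"key": "Authorization", "value": "Bearer ghp_EXAMPLEEXAMPLEEXAMPLE0000"}]}},
    {"name": "notify", "request": {"method": "POST", "header": [],
        "url": "https://hooks.slack.com/services/T0000/B0000/EXAMPLEWEBHOOKSECRET"}},
    {"name": "folder", "item": [{"name": "health", "request": {"method": "GET",
        "url": "{{base_url}}/health",
        "header": [{"key": "Authorization", "value": "Bearer {{api_token}}"}]}}]},
]}

def _has_literal_secret(value):
    """True if a secret-shaped token remains once {{refs}} are stripped out."""
    return bool(LITERAL_TOKEN.search(VAR_REF.sub("", value)))

def _requests(items):
    """Yield (item name, request) for every request in a nested folder tree."""
    for it in items:
        if "request" in it:
            yield it.get("name", "?"), it["request"]
        yield from _requests(it.get("item", []))

def _leaks(collection):
    """Yield (item name, container dict, key) for each field holding a literal secret."""
    for name, req in _requests(collection.get("item", [])):
        for hdr in req.get("header", []):
            if hdr.get("key", "").lower() in SENSITIVE_HEADERS and _has_literal_secret(str(hdr.get("value", ""))):
                yield name, hdr, "value"
        if WEBHOOK_URL.search(str(req.get("url", ""))):   # assumes url is a plain string
            yield name, req, "url"

def find_hardcoded_secrets(collection):
    """Report for the pre-share review: [(item, field, redacted value)]."""
    return [(n, d.get("key", k), str(d[k])[:12] + "...") for n, d, k in _leaks(collection)]

def scrub(collection):
    """Return (copy with each secret replaced by a {{var}}, {var: secret}) for an env."""
    col, env = json.loads(json.dumps(collection)), {}
    for name, d, k in list(_leaks(col)):
        var = re.sub(r"\W+", "_", f"{name}_{d.get('key', k)}").lower()
        env[var], d[k] = str(d[k]), "{{%s}}" % var     # whole webhook URL is the secret
    return col, env
```

Run `find_hardcoded_secrets` on an export before publishing a workspace; an empty report is the gate, and the dict returned by `scrub` is what goes into a Postman environment rather than the shared collection.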