More than 80,000 code snippets containing cloud passwords, encryption keys, payment access codes, and personal data from major banks, government bodies, and technology companies have been found exposed online. Security researchers discovered that two popular code formatting websites, JSONFormatter and CodeBeautify, had been storing sensitive information through an open feature called Recent Links. This flaw left more than 5GB of confidential code, collected over nearly five years, easily accessible to anyone.
Researchers found that when users clicked save to share formatted code, the platforms generated a public link and added it to the Recent Links page. Since these pages follow predictable online addresses, attackers could scrape them using simple tools. The exposed information included working login credentials for databases and cloud platforms, private encryption keys, payment gateway codes, and customer data from sectors such as banking, healthcare, government, aerospace, and cybersecurity.
According to researchers, the leaks included active cloud credentials from a major international stock exchange, banking passwords shared by a cybersecurity service provider, and detailed internal configurations from government systems. In one case, a government organisation unintentionally exposed 1,000 lines of code containing details about internal networks, security rules, and system settings. Experts warned that such information could enable targeted intrusions.
To confirm whether cybercriminals were watching these sites, researchers uploaded fake but realistic security credentials. The test data was accessed within 48 hours, confirming that attackers are actively scanning these platforms for weaknesses. Although the researchers informed affected organisations, many have not responded. The Recent Links pages on both websites are still publicly accessible, leaving sensitive information exposed.
The incident highlights how common online tools can become significant security risks when they store shared code without protection.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
