JSONFormatter and CodeBeautify Data Breaches Expose Passwords and API Keys

A recent study has highlighted a significant security risk involving prominent online tools such as JSONFormatter and CodeBeautify. Organizations across various sensitive sectors, including governments, finance, and critical infrastructure, have been found inadvertently exposing sensitive passwords and credentials while using these platforms.
Significant Data Exposure
Cybersecurity firm watchTowr Labs discovered a dataset containing over 80,000 files on JSONFormatter and CodeBeautify. This dataset revealed a wealth of sensitive information, including:
- Usernames
- Passwords
- API keys
- Active Directory credentials
- Database credentials
- FTP credentials
- Cloud environment keys
- SSH session recordings
- Personal information
The data, amounting to over 5GB, consisted of five years of JSONFormatter content and one year of CodeBeautify content. The sectors impacted include telecommunications, healthcare, education, and cybersecurity, among others.
The Risks Involved
Security researcher Jake Knott noted that tools like JSONFormatter are popular and often appear at the top of search engine results for queries related to formatting code. Many users, including administrators and developers, use them without considering the security implications.
Both platforms allow users to save formatted JSON structures by generating shareable links. This functionality inadvertently creates a pathway for malicious actors to access sensitive data. The predictable URL formats make it easy to retrieve stored links using crawlers:
- https://jsonformatter.org/{id-here}
- https://jsonformatter.org/{formatter-type}/{id-here}
- https://codebeautify.org/{formatter-type}/{id-here}
Examples of Exposed Information
The data breach has led to various incidents, including:
- Leaked Jenkins secrets from a cybersecurity firm
- Exposed encrypted credentials linked to a bank’s KYC information
- A major financial exchange’s AWS credentials
- Active Directory credentials associated with a bank
Additionally, watchTowr reported experimenting by uploading fake AWS access keys, only to find attempts to exploit these credentials within 48 hours of saving them online. This shows how quickly exposed credentials are picked up and used, and it emphasizes the urgency of addressing this kind of exposure.
Response from JSONFormatter and CodeBeautify
Following the revelations, both JSONFormatter and CodeBeautify temporarily disabled their save functionalities. They announced efforts to enhance security measures and prevent further unauthorized access to sensitive data. This change likely came after feedback from various affected organizations.
The statement from watchTowr indicated that these changes were made in September, possibly as a direct response to the study’s findings.
In light of these events, security expert Jake Knott voiced concerns over the irresponsible practices that lead to such breaches. He stressed the necessity for organizations to refrain from using online platforms for sensitive data in order to reduce the risk of future data exposure.
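As an added example (not code from the article or from watchTowr), the following Python script does locally what the online tools do, pretty-printing JSON, but refuses to produce output when the document looks like it carries credentials. The key-name list, the value patterns and the sample document are constructed heuristics for illustration, not taken from the article.

```python
import json
import re

# Key names that commonly hold credentials (constructed heuristic, not from the article).
SENSITIVE_KEY_RE = re.compile(
    r"(password|passwd|pwd|secret|api[_-]?key|token|private[_-]?key|access[_-]?key)",
    re.IGNORECASE,
)

# Value shapes that identify a credential regardless of its key name (constructed heuristic).
SENSITIVE_VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}


def find_secrets(obj, path="$"):
    """Walk a parsed JSON value; return (json_path, reason) for anything credential-like."""
    hits = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if SENSITIVE_KEY_RE.search(key) and isinstance(value, str) and value:
                hits.append((child, f"key name '{key}' looks like a credential field"))
            hits.extend(find_secrets(value, child))
    elif isinstance(obj, list):
        for index, value in enumerate(obj):
            hits.extend(find_secrets(value, f"{path}[{index}]"))
    elif isinstance(obj, str):
        for name, pattern in SENSITIVE_VALUE_PATTERNS.items():
            if pattern.search(obj):
                hits.append((path, f"value matches {name} pattern"))
    return hits


def format_json_offline(text, indent=2):
    """Pretty-print JSON locally; return (formatted, []) or (None, hits) if secrets are found."""
    data = json.loads(text)
    hits = find_secrets(data)
    if hits:
        return None, hits
    return json.dumps(data, indent=indent, sort_keys=True), []


# Constructed sample resembling the config dumps the article describes; all values are fake.
SAMPLE = ('{"service":"payments","db":{"host":"db.internal","user":"app","password":"hunter2"},'
          '"aws":{"accessKeyId":"AKIAIOSFODNN7EXAMPLE"}}')

if __name__ == "__main__":
    formatted, findings = format_json_offline(SAMPLE)
    for json_path, reason in findings:
        print(f"REFUSED {json_path}: {reason}")
    print(formatted if formatted is not None else "no output written")
```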