ADVERTISEMENT

Websites exposing over a million secrets, leaving visitors at risk

Thousands of websites are leaving their most sensitive keys in the doors, creating a perfect environment for thieves. The Cybernews research team has discovered 58,364 unique websites from around the globe that are vulnerable to data breaches and even complete takeovers. For visitors, it’s a security disaster.

env-research

Image by Cybernews.

Ernestas Naprys
Ernestas Naprys Senior Journalist
May 28, 2024 Updated: 29 May 2024 5 min read

Key takeaways

  • An analysis by the Cybernews research discovered a million publicly exposed secrets from over 58 thousand websites’ exposed environment (.env) files.
  • Most of the affected websites come from the United States.
  • In half of the cases, the exposed secrets allow direct database access for unauthorized actors.
  • Exposed secrets include payment processor API keys, email credentials, cloud access keys, application keys, and OAuth secrets. GCP keys, Firebase endpoints, and secrets, Azure secrets, Google Cloud and other cloud provider credentials were also present.

What did we find?

top-exposed-secrets
ADVERTISEMENT

The US is the most affected

top-countries-secrets

The mistakes website owners make

ADVERTISEMENT