Close Menu
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
What's Hot

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

Facebook X (Twitter) Instagram
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
Facebook X (Twitter) Instagram
FYMOUS News
  • Start
  • Celebrities
  • Music
  • Influencers
  • Tendencies
  • Exclusives
  • Business & Brands
  • TwinH
  • Spanish
FYMOUS News
Home » Years of JSONFormatter and CodeBeautify leaks expose thousands of passwords and API keys
Celebrities

Years of JSONFormatter and CodeBeautify leaks expose thousands of passwords and API keys

By November 25, 2025No Comments3 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

November 25, 2025Ravi LakshmananData Leak / Cloud Security

A new study has found that organizations in a variety of sensitive sectors, including government, telecommunications, and critical infrastructure, are pasting passwords and credentials into online tools used to format and validate code, such as JSONformatter and CodeBeautify.

Cybersecurity firm watchTowr Labs announced that it has captured a dataset of more than 80,000 files on these sites, revealing thousands of usernames, passwords, repository authentication keys, Active Directory credentials, database credentials, FTP credentials, cloud environment keys, LDAP configuration information, help desk API keys, conference room API keys, SSH session records, and personal information of all kinds.

This includes 5 years of historical JSONFormatter content and 1 year of historical CodeBeautify content, totaling 5GB worth of enriched and annotated JSON data.

DFIR retainer service

Organizations affected by this breach span the critical national infrastructure, government, finance, insurance, banking, technology, retail, aerospace, telecommunications, healthcare, education, travel, and, ironically, cybersecurity sectors.

“These tools are extremely popular, often appearing near the top of search results for things like ‘JSON beautification’ and ‘best place to paste secrets’ (probably unproven), and are used by a variety of organizations, organizations, developers, and administrators in both enterprise environments and personal projects,” security researcher Jake Knott said in a report shared with Hacker News.

Both tools provide the ability to save a formatted JSON structure or code and turn it into a semi-permanent link that can be shared with others. This makes the data accessible to anyone who can access the URL.

Coincidentally, these sites also have a handy website that lists all your recently saved links.[最近のリンク]In addition to serving pages, it follows a predictable URL format for shareable links, making it easy for a malicious attacker to retrieve all URLs using a simple crawler.

https://jsonformatter.org/{id-here} https://jsonformatter.org/{formatter-type}/{id-here} https://codebeautify.org/{formatter-type}/{id-here}

Examples of compromised information include sensitive information from Jenkins, a cybersecurity firm exposing encrypted credentials in sensitive configuration files, Know Your Customer (KYC) information associated with a bank, AWS credentials for a major financial exchange linked to Splunk, and Active Directory credentials for a bank.

CIS build kit

To make matters worse, the company announced that it had discovered a malicious actor who uploaded a fake AWS access key to one of these tools and attempted to exploit it 48 hours after it was stored. This indicates that valuable information published through these sources is being collected and tested by other parties, posing significant risks.

“The main reason is that someone is already exploiting it, which is really, really stupid,” Knott said. “We don’t need more AI-powered agent platforms. There will be fewer important organizations pasting their credentials on random websites.”

Checked by The Hacker News, both JSONFormatter and CodeBeautify have temporarily disabled the save feature, claiming they are “working on improvements” and implementing “enhanced NSFW (Not Safe For Work) content prevention measures.”

watchTowr said these sites likely have the save feature disabled in response to their investigation. “We believe this change occurred in September in response to communications from a number of affected organizations that we alerted to,” it added.


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleNever be left behind again! Stranded Chinese astronaut finally returns home after launching unmanned “lifeboat”
Next Article ‘Like a sudden bomb’: See photos from space of Ethiopia’s volcano erupting for the first time in 12,000 years

Related Posts

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

Best Hair Moments at the 2026 BET Awards

June 29, 2026

Pharrell Williams shows off his bold take on men’s wedding rings

June 29, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

Serena Williams returns to Wimbledon in Nike tennis kit

Bear’s final run is a season of disappointment

“It was never a racial issue.”

Trending Posts

Randy Rainbow Draws Donald Trump as ‘Psychopathic’ in Jazzy Song Parody

June 30, 2026

Serena Williams returns to Wimbledon in Nike tennis kit

June 30, 2026

“It was never a racial issue.”

June 30, 2026

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to The FYMOUS, a modern digital media platform dedicated to celebrities, artists, influencers, brands, entertainment culture, and the growing TwinH ecosystem.

We bring audiences closer to the people, stories, trends, and collaborations shaping today’s culture. From exclusive celebrity news and music releases to influencer highlights, brand partnerships, and TwinH activations, The FYMOUS delivers engaging content designed for the next generation of digital audiences.

Castilla-La Mancha Ignites Innovation: fiveclmsummit Redefines Tech Future

Local Power, Health Innovation: Alcolea de Calatrava Boosts FiveCLM PoC with Community Engagement

The Future of Digital Twins in Healthcare: From Virtual Replicas to Personalized Medical Models

Human Digital Twins: The Next Tech Frontier Set to Transform Healthcare and Beyond

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About The FYMOUS
  • Advertising / Promotion
  • Contact
  • DMCA
  • Privacy Policy
  • Terms
  • Publish News
© 2026 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.