Last updated 2 weeks ago
A global financial institution experienced a credential exposure incident affecting its development infrastructure. Security researchers discovered nearly 2,000 valid API credentials exposed across approximately 10,000 webpages during a scan of 10 million websites. The credentials were embedded in website source code, making them accessible to anyone viewing the page source.
The exposure resulted from development teams embedding cloud credentials directly into website code, creating persistent access points to backend systems. The credentials included API keys and cloud authentication tokens that could provide unauthorized access to banking systems and cloud infrastructure. Researchers identified the credentials through automated scanning of publicly accessible web content.
No post-incident developments regarding regulatory actions, litigation, or remediation milestones were confirmed in the available information.
API credentials found exposed in website source code across approximately 10,000 webpages
This incident demonstrates critical failures in credential management and secure development practices within financial institutions. Development teams embedded production credentials directly into website source code, bypassing secure credential storage solutions and exposing sensitive access tokens. The scale of exposure across 10,000 webpages indicates systemic issues in code review processes and developer security training.
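A pre-deployment check of the kind that catches this class of exposure before a page is published, as an added example that is not from the incident report or the affected institution. The two credential patterns, the entropy threshold, and the sample build output are assumptions constructed for illustration; the report does not name the providers or key formats involved.

```python
import math
import re
from collections import Counter

# Assumed credential shapes; the report does not say which providers were involved.
RULES = {
    "aws_access_key_id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "generic_assignment": re.compile(
        r"""(?i)(?:api[_-]?key|secret|token)["']?\s*[:=]\s*["']([A-Za-z0-9_\-/+=]{20,})["']"""
    ),
}
MIN_ENTROPY = 3.5  # bits per character; assumed cut-off that drops placeholder strings


def shannon_entropy(value):
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())


def scan_build(files):
    """Return (path, line, rule, redacted value) for each credential-like string."""
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), start=1):
            for rule, pattern in RULES.items():
                for value in pattern.findall(line):
                    if rule == "generic_assignment" and shannon_entropy(value) < MIN_ENTROPY:
                        continue  # e.g. "xxxxxxxx..." left in a template
                    # Redact so the secret is not copied into CI logs.
                    findings.append((path, lineno, rule, f"{value[:4]}...({len(value)} chars)"))
    return findings


# Constructed build output; the key values are made up for this example.
SAMPLE_BUILD = {
    "index.html": '<script>\nconst cfg = {region: "eu-west-1", accessKeyId: "AKIAQ7ZK2M9XW4TB6RNP"};\n</script>',
    "app.js": 'const apiKey = "k9Tq2ZxLm47RbVw8NcYd3HsJ";\nconst token = "xxxxxxxxxxxxxxxxxxxxxxxx";',
    "about.html": "<p>Contact support for an API key.</p>",
}

if __name__ == "__main__":
    results = scan_build(SAMPLE_BUILD)
    for path, lineno, rule, shown in results:
        print(f"{path}:{lineno}: {rule} {shown}")
    raise SystemExit(1 if results else 0)  # non-zero exit blocks the deploy step
```

Any finding means the value has to be rotated and moved to server-side secret storage, since removing it from the page does not invalidate a credential that was already published.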