Digital Trends Researchers who scanned millions of webpages discovered that thousands of sites are unintentionally publishing API credentials for major services such as Amazon Web Services, Stripe and OpenAI. The majority of leaks originate from JavaScript files that are publicly accessible, allowing anyone to misuse the keys. The study uncovered 1,748 distinct credentials across nearly 10,000 pages, with some keys remaining exposed for up to a year or longer. Experts say the problem stems from developers embedding private keys in front‑end code, and they recommend live‑site scanning, stricter tool controls and better detection by service providers.
Read more