- Organizations across sensitive sectors are exposing credentials by pasting them into online code formatting tools.
- A dataset of over 80,000 files on JSONformatter and CodeBeautify revealed thousands of leaked credentials and personal data.
- The shareable link feature of these tools makes sensitive information accessible and easy to scrape by malicious actors.
- Fake AWS keys uploaded to these platforms were tested by attackers within 48 hours, showing active exploitation of leaked data.
- Both tools have temporarily disabled the save function, likely responding to security concerns raised by affected organizations.
New research reveals that organizations in critical sectors such as government, telecommunications, and infrastructure have been exposing sensitive credentials by pasting them into online code formatting and validation tools. The Cybersecurity firm watchTowr Labs collected a dataset of over 80,000 files from platforms including JSONformatter and CodeBeautify, uncovering a wide range of leaked data like usernames, passwords, repository keys, database access credentials, and API keys.
This data spans five years of JSONformatter content and one year from CodeBeautify, totaling more than 5 gigabytes of annotated JSON files. Affected sectors include finance, healthcare, aerospace, education, retail, and cybersecurity, among others. Security researcher Jake Knott explained that these tools are popular and often ranked high in search engine results, leading many organizations and developers to use them for formatting code that sometimes contains sensitive information, as stated here.
Both services allow users to save formatted code as shareable links, which can be accessed by anyone with the URL. These links follow predictable patterns (e.g., https://jsonformatter.org/{id} or https://codebeautify.org/{formatter-type}/{id}), making it possible for malicious actors to scrape exposed data using automated crawlers. Examples of leaked information include Jenkins secrets, encrypted credentials, Know Your Customer (KYC) details from banks, AWS credentials linked to a financial exchange’s monitoring tools, and Active Directory credentials for banking institutions.
In response to these findings, both JSONformatter and CodeBeautify have temporarily disabled the save functionality, reporting they are working on improvements and enhanced content prevention measures. watchTowr Labs suspects this action followed September communications with impacted organizations, as detailed above.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
