{"id":53237,"date":"2023-08-15T14:10:42","date_gmt":"2023-08-15T14:10:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34908\/More-Hardcoded-Credentials-Than-Ever-And-Sloppy-Coding-Is-To-Blame.html"},"modified":"2023-08-15T14:10:42","modified_gmt":"2023-08-15T14:10:42","slug":"more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/","title":{"rendered":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/0707_api_key.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>LAS VEGAS \u2013 Access credentials, security keys and other &#8220;secrets&#8221; are all too frequently found embedded in web and mobile apps, and poor security practices are the reason why, said two researchers at the BSides Las Vegas security conference here on Aug. 8.<\/p>\n<p>In back-to-back presentations, Mackenzie Jackson and Dwayne McDaniel of GitGuardian extrapolated the results of their company&#8217;s most recent <a rel=\"noreferrer noopener\" href=\"https:\/\/www.scmagazine.com\/news\/secrets-surge-10-million-github-human-error-drives-exposure\" target=\"_blank\">yearly scan of public GitHub commits<\/a> \u2014 more than 1 billion in all.<\/p>\n<h2>A GitHub full of secrets<\/h2>\n<p>There were at least 10 million secrets revealed in those public GitHub commits, the pair said, 67% more than in 2021. 
They defined &#8220;secrets&#8221; as &#8220;anything that gives you access to another system or decrypts data&#8221; \u2014 <a href=\"https:\/\/www.scmagazine.com\/topic\/identity\" target=\"_blank\" rel=\"noreferrer noopener\">username\/password pairs<\/a>, API tokens, database connection URLs and browser session cookies.<\/p>\n<p>One reason for this is people uploading code to GitHub without checking for secrets, McDaniel said. He cited the case of a Toyota developer who <a href=\"https:\/\/www.theregister.com\/2022\/10\/11\/toyota_source_code_email_leak\/\" target=\"_blank\" rel=\"noreferrer noopener\">accidentally posted nearly 300,000 customer email addresses to GitHub<\/a>, a leak that went unnoticed for five years. Uber famously had <a href=\"https:\/\/www.wired.com\/story\/uber-paid-off-hackers-to-hide-a-57-million-user-data-breach\/\" target=\"_blank\" rel=\"noreferrer noopener\">a similar issue<\/a>, as did pharmaceutical giant <a href=\"https:\/\/techcrunch.com\/2022\/11\/03\/astrazeneca-passwords-exposed-patient-data\/\" target=\"_blank\" rel=\"noreferrer noopener\">AstraZeneca<\/a>.<\/p>\n<p>&#8220;One out of 10 GitHub authors exposed a secret in 2022,&#8221; said McDaniel. &#8220;Five-point-five out of every 1,000 commits contained a secret, 50% over the previous year.&#8221;<\/p>\n<p>The most commonly leaked specific type of secret in 2022 was the Google API key, which made up 9.7% of the total.<\/p>\n<h2>All your secrets are belong to us<\/h2>\n<p>Jackson focused on credentials leakage by mobile apps, citing GitGuardian&#8217;s own research that decompiled 50,000 Android apps from the Google Play Store and found nearly half exposed plaintext credentials.<\/p>\n<p>&#8220;Where should secrets be stored?&#8221; Jackson asked the crowd. &#8220;Not in a front-facing Android APK or Apple IPA. Instead, the secrets should be in a back-end secrets manager. 
But in practice, it&#8217;s a lot sloppier.&#8221;<\/p>\n<p>One of the issues is that mobile apps are meant to do everything these days, Jackson said. For example, a bank&#8217;s mobile app might not only display balances and deposits, but also let you transfer money to other users, speak to customer support and even deposit a written check by taking a photograph of it. That&#8217;s going to require a lot of developers with different skill sets working on the app, and things might fall through the cracks.<\/p>\n<p>Jackson cited the research of Buddobot CISO Jason Haddix, who <a href=\"https:\/\/www.jhaddix.com\/post\/stealing-checks-worth-millions-pwning-a-bank\" target=\"_blank\" rel=\"noreferrer noopener\">took apart an iOS banking app<\/a> from a major U.S. bank. Haddix found that check images were stored unencrypted in shared folders on the phone; two million unencrypted check images were stored on an insecure AWS server; and a hardcoded plist file in the mobile app contained administrative credentials for one of the bank&#8217;s Apache Tomcat web servers.<\/p>\n<h2>How to pick apart a mobile app<\/h2>\n<p>Jackson explained that it&#8217;s really quite simple to check mobile apps for hardcoded secrets. First you download a mobile app to a computer, using something like <a href=\"https:\/\/github.com\/rehmatworks\/gplaydl\" target=\"_blank\" rel=\"noreferrer noopener\">GPlayDL<\/a> (for Android) or <a href=\"https:\/\/github.com\/majd\/ipatool\" target=\"_blank\" rel=\"noreferrer noopener\">ipatool<\/a> (for iOS).<\/p>\n<p>The Android app can be decompiled using a tool called <a href=\"https:\/\/github.com\/skylot\/jadx\" target=\"_blank\" rel=\"noreferrer noopener\">JADX<\/a>; for iOS apps, Jackson said, just change the .ipa filetype to .zip and unzip the files. 
Then you can use GitGuardian&#8217;s own app, GGShield (available at <a href=\"https:\/\/github.com\/gitguardian\/ggshield\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/github.com\/gitguardian\/ggshield<\/a>) to scan for credentials.<\/p>\n<p>Jackson ran a demo on a decompiled Android app. The scan took about a minute and found hardcoded API keys and Slack webhooks that let you post to a private Slack channel.<\/p>\n<p>Mobile-app developers need to make sure that no secrets are stored in the app itself, but on the server side instead, Jackson said. Apps should be signed, IP addresses should be limited to known machines, API keys should be limited in scope, and access should be restricted with whitelists, multifactor authentication, or short-lived credentials.<\/p>\n<p>Both he and McDaniel stressed the importance of using a secrets manager like HashiCorp Vault, and of doing automated secrets detection on all apps. McDaniel recommended that development teams adopt the DORA metrics put together by Google&#8217;s <a href=\"https:\/\/dora.dev\/\" target=\"_blank\" rel=\"noreferrer noopener\">DevOps Research and Assessment<\/a> program to improve app-development security.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34908\/More-Hardcoded-Credentials-Than-Ever-And-Sloppy-Coding-Is-To-Blame.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":53238,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10639],"class_list":["post-53237","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinedata-losspasswordconference"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - 
https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-08-15T14:10:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/0707_api_key.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame\",\"datePublished\":\"2023-08-15T14:10:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/\"},\"wordCount\":683,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg\",\"keywords\":[\"headline,data loss,password,conference\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/\",\"name\":\"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg\",\"datePublished\":\"2023-08-15T14:10:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg\",\"width\":1280,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.t
hreatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,data loss,password,conference\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinedata-losspasswordconference\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/","og_locale":"en_US","og_type":"article","og_title":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-08-15T14:10:42+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2023\/07\/0707_api_key.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame","datePublished":"2023-08-15T14:10:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/"},"wordCount":683,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg","keywords":["headline,data loss,password,conference"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/","url":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/","name":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg","datePublished":"2023-08-15T14:10:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/08\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame.jpg","width":1280,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/more-hardcoded-credentials-than-ever-and-sloppy-coding-is-to-blame\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,data 
loss,password,conference","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinedata-losspasswordconference\/"},{"@type":"ListItem","position":3,"name":"More Hardcoded Credentials Than Ever, And Sloppy Coding Is To Blame"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=53237"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/53237\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/53238"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=53237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=53237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=53237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}