{"id":54556,"date":"2023-11-16T14:35:11","date_gmt":"2023-11-16T14:35:11","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35204\/Developers-Cant-Seem-To-Stop-Exposing-Credentials-In-Code.html"},"modified":"2023-11-16T14:35:11","modified_gmt":"2023-11-16T14:35:11","slug":"developers-cant-seem-to-stop-exposing-credentials-in-code","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/developers-cant-seem-to-stop-exposing-credentials-in-code\/","title":{"rendered":"Developers Can&#8217;t Seem To Stop Exposing Credentials In Code"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2017\/08\/rawlspicday2-800x609.jpg\" alt=\"Developers can\u2019t seem to stop exposing credentials in publicly accessible code\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Victor De Schwanberg\/Science Photo Library via Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can\u2019t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them.<\/p>\n<p>The lapse stems from immature coding practices in which developers embed cryptographic keys, security tokens, passwords, and 
other forms of credentials directly into the source code they write. The credentials make it easy for the underlying program to access databases or cloud services necessary for it to work as intended. I published one such PSA in 2013 after discovering simple searches that turned up dozens of accounts that appeared to <a href=\"https:\/\/arstechnica.com\/information-technology\/2013\/01\/psa-dont-upload-your-important-passwords-to-github\/\">expose credentials<\/a> securing computer-to-server SSH accounts. One of the credentials appeared to grant access to an account on Chromium.org, the repository that stores the source code for Google&#8217;s open source browser.<\/p>\n<p>In 2015, Uber learned the hard way just how damaging the practice can be. One or more developers for the ride service had embedded a unique security key into code and then shared that code on a public GitHub page. Hackers then copied the key and used it to access an internal Uber database and, from there, <a href=\"https:\/\/arstechnica.com\/information-technology\/2015\/03\/in-major-goof-uber-stored-sensitive-database-key-on-public-github-page\/\">steal sensitive data<\/a> belonging to 50,000 Uber drivers.<\/p>\n<p>Uber lawyers argued at the time that \u201cthe contents of these internal database files are closely guarded by Uber,\u201d but that contention is undermined by the means the company took in safeguarding the data, which were no better than stashing a house key under a door mat.<\/p>\n<p>The number of studies published following the revelations underscored just how common the practice had been and remained in the years immediately following Uber\u2019s cautionary tale. 
Sadly, the negligence continues even now.<\/p>\n<p>Researchers from security firm GitGuardian this week <a href=\"https:\/\/blog.gitguardian.com\/uncovering-thousands-of-unique-secrets-in-pypi-packages\/\">reported<\/a> finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained at least one unique secret. Many secrets were leaked more than once, bringing the total number of exposed secrets to almost 57,000.<\/p>\n<p>\u201cExposing secrets in open-source packages carries significant risks for developers and users alike,\u201d GitGuardian researchers wrote. \u201cAttackers can exploit this information to gain unauthorized access, impersonate package maintainers, or manipulate users through social engineering tactics.\u201d<\/p>\n<p>The credentials exposed provided access to a range of resources, including Microsoft Active Directory servers that provision and manage accounts in enterprise networks, OAuth servers allowing single sign-on, SSH servers, and third-party services for customer communications and cryptocurrencies. Examples included:<\/p>\n<ul>\n<li aria-level=\"1\">Azure Active Directory API Keys<\/li>\n<li aria-level=\"1\">GitHub OAuth App Keys<\/li>\n<li aria-level=\"1\">Database credentials for providers such as MongoDB, MySQL, and PostgreSQL<\/li>\n<li aria-level=\"1\">Dropbox Key<\/li>\n<li aria-level=\"1\">Auth0 Keys<\/li>\n<li aria-level=\"1\">SSH Credentials<\/li>\n<li aria-level=\"1\">Coinbase Credentials<\/li>\n<li aria-level=\"1\">Twilio Master Credentials.<\/li>\n<\/ul>\n<p>Also included in the haul were API keys for interacting with various Google Cloud services, database credentials, and tokens controlling Telegram bots, which automate processes on the messenger service. 
This week\u2019s report said that exposures in all three categories have steadily increased in the past year or two.<\/p>\n<p>The secrets were exposed in various types of files published to PyPI. They included primary .py files, README files, and test folders.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/most-comment-python-files-exposing-credentials.png\" class=\"enlarge\" data-height=\"589\" data-width=\"1600\" alt=\"Most common types of files other than .py containing a hardcoded secret in PyPI packages.\"><img loading=\"lazy\" decoding=\"async\" alt=\"Most common types of files other than .py containing a hardcoded secret in PyPI packages.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/most-comment-python-files-exposing-credentials-640x236.png\" width=\"640\" height=\"236\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/most-comment-python-files-exposing-credentials-1280x471.png 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\">Most common types of files other than .py containing a hardcoded secret in PyPI packages.<\/div>\n<div class=\"caption-credit\">GitGuardian<\/div>\n<\/figcaption><\/figure>\n<p>GitGuardian tested the exposed credentials and found that 768 remained active. The risk, however, can extend well beyond that smaller number. GitGuardian explained:<\/p>\n<blockquote>\n<p>It is important to note that just because a credential can not be validated does not mean it should be considered invalid. Only once a secret has been properly rotated can you know if it is invalid. 
Some types of secrets GitGuardian is still working toward automatically validating include Hashicorp Vault Tokens, Splunk Authentication Tokens, Kubernetes Cluster Credentials, and Okta Tokens.<\/p>\n<\/blockquote>\n<p>There are no good reasons to expose credentials in code. The report said the most common cause is by accident.<\/p>\n<p>\u201cIn the course of outreach for this project, we discovered at least 15 incidents where the publisher was unaware they had made their project public,\u201d the authors wrote. \u201cWithout naming any names, we did want to mention some of these were from very large companies that have robust security teams. Accidents can happen to anyone.\u201d<\/p>\n<p>Over the past decade, various mechanisms have become available for allowing code to securely access databases and cloud resources. One is .env files that are stored in private environments outside of the publicly available code repository. Others are tools such as the AWS Secrets Manager, Google Cloud\u2019s Secret Manager, or the Azure Key Vault. Developers can also employ scanners that check code for credentials inadvertently included.<\/p>\n<p>The study examined PyPI, which is just one of many open source repositories. 
In years past, code hosted in other repositories such as NPM and RubyGems has also been rife with credential exposure, and there\u2019s no reason to suspect the practice doesn\u2019t continue in them now.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35204\/Developers-Cant-Seem-To-Stop-Exposing-Credentials-In-Code.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54557,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[6592],"class_list":["post-54556","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinedata-lossflawpassword"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54556"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54556\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54557"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}