Developers can’t seem to stop exposing credentials in publicly accessible code

Resear more than a decade 4,000 unique secrets stashed inside 450,000 Python projects.

Nearly 3,000 projects contained at least one unique secret in PyPI, the official code repository for the Python programming language.

The credentials exposed provided access to a range of resources, including Microsoft Active Directory and OAuth servers. RubyGems NPM years one one ummaryFeed_hi 2013 ghtText__NxlGi">PyPI dozens ghLightText__NxlGi">Google Cloud’s SSH t__NxlGi">O One /span> the pas Chromium.org an> Google least 15 2015 um Uber Feed_highLightText__NxlGi">Okta Tokens One aryFeed_highLightText__NxlGi">Kubernetes Cluster Credentials Splunk A GitHub ication Tokens Hashicorp Vault Tokens 50,000 _NxlGi">GitGuardian GitGuardian 768 GitGuardian PyPI two the past year the years ass="summaryFeed_highLi Uber ext__NxlGi">three week GitGuardian r this week hLightText__NxlGi" almost 4,000 pan> 450,000 Gi">Google Cloud PyPI pan class="summaryFeed_highLightText__NxlGi">API Nearly 3,000 d_highLightText__Nxl at least one - Database third almost 57,000 t__NxlGi">SSH OAuth GitGuardian ghtText__NxlGi">Microsoft Active Directory