Ars Technica
•Technology
Technology
Developers can’t seem to stop exposing credentials in publicly accessible code

76% Informative
Resear more than a decade 4,000 unique secrets stashed inside 450,000 Python projects.
Nearly 3,000 projects contained at least one unique secret in PyPI, the official code repository for the Python programming language.
The credentials exposed provided access to a range of resources, including Microsoft Active Directory and OAuth servers. RubyGems NPM years one one ummaryFeed_hi 2013 ghtText__NxlGi">PyPI dozens ghLightText__NxlGi">Google Cloud’s SSH t__NxlGi">O One /span> the pas Chromium.org an> Google least 15 2015 um Uber Feed_highLightText__NxlGi">Okta Tokens One aryFeed_highLightText__NxlGi">Kubernetes Cluster Credentials Splunk A GitHub ication Tokens Hashicorp Vault Tokens 50,000 _NxlGi">GitGuardian GitGuardian 768 GitGuardian PyPI two the past year the years ass="summaryFeed_highLi Uber ext__NxlGi">three week GitGuardian r this week hLightText__NxlGi" almost 4,000 pan> 450,000 Gi">Google Cloud PyPI pan class="summaryFeed_highLightText__NxlGi">API Nearly 3,000 d_highLightText__Nxl at least one - Database third almost 57,000 t__NxlGi">SSH OAuth GitGuardian ghtText__NxlGi">Microsoft Active Directory
VR Score
73
Informative language
71
Neutral language
42
Article tone
formal
Language
English
Language complexity
62
Offensive language
not offensive
Hate speech
not hateful
Attention-grabbing headline
not detected
Known propaganda techniques
not detected
Time-value
long-living
External references
2
Source diversity
2
Affiliate links
no affiliate links