"Websites Exposing Over a Million Secrets, Leaving Visitors at Risk"

The Cybernews research team found 58,364 unique websites vulnerable to data breaches and full takeovers. Cybernews began investigating publicly exposed environment (.env) files on April 9. These configuration files contain passwords, Application Programming Interface (API) keys, and other secrets websites need to access databases, mail servers, payment processors, Content Management Systems (CMS), and other services. A scan of publicly available indexes shows that thousands of website owners have left their keys unprotected. An analysis of the most up-to-date indexes of environment files uncovered the exposure of 1,141,004 secrets from 58,364 unique websites. This article continues to discuss key findings from the analysis of publicly available indexes of environment files.

Cybernews reports "Websites Exposing Over a Million Secrets, Leaving Visitors at Risk"

Submitted by grigby1