1. Forum
  2. TQWNet
  3. TQW GENTECH

  • Thousands of widely-used public workspaces are leaking data

    From TechnologyDaily@1337:1/100 to All on Sunday, December 29, 2024 17:00:05
    Thousands of widely-used public workspaces are leaking data

    Date:
    Sun, 29 Dec 2024 16:45:00 +0000

    Description:
    Major platforms impacted include GitHub, Slack, and Salesforce.

    FULL STORY ======================================================================Many organizations using Postman workspaces are putting their data at risk Researchers found tens of thousands of publicly accessible workspaces leaking data The data leaked is includes sensitive information about third-party API

    Many organizations using Postman workspaces are putting their data,
    employees, customers, and partners at risk, due to various misconfigurations, experts have warned.

    CloudSEKs Triad team uncovered more than 30,000 publicly accessible Postman workspaces leaking sensitive information.

    For those unfamiliar with Postman, it is a collaborative platform for API development, often used as a public workspace for creating, testing, sharing, and managing APIs. It provides tools for developers to streamline the API lifecycle, from design and testing to documentation and deployment.
    Widespread misconfigurations

    CloudSEK said these tens of thousands of publicly accessible workspaces were leaking sensitive information about third-party API, including access tokens, refresh tokens, and third-party API keys. Sensitive information uncovered includes administrator credentials, payment processing API keys, and access
    to internal systems.

    Companies of all shapes and sizes were leaking data, from SMBs to large enterprises, the researchers further said. Some owners of the leaked API keys and access tokens are still unidentified, since inadequate permissions and
    API limitation prevented researchers from identifying them.

    Major platforms impacted include GitHub (5,924 exposures), Slack (5,552), and Salesforce (4,206), while most exposed sectors include healthcare, athletic apparel, and financial services.

    The misconfigurations are widespread, CloudSEK says, adding that
    organizations are exposed to significant security risks, which includes
    severe financial and reputational damage.

    Postman workspaces often contain sensitive data, including API keys, tokens, credentials, and documentation, the researchers said. When mishandled, this data becomes a treasure trove for malicious actors capable of exploiting vulnerabilities for financial fraud, data breaches, and reputational damage.

    CloudSEK said it reported most of the incidents to its respective organizations, but did not discuss how many responded, and how. It did say that Postman implemented new security measures, which include proactive
    secret detection and user notifications when sensitive data is found in
    public workspaces. You might also like Google Workspace will now let you
    track exactly how much power all your apps are using Here's a list of the
    best antivirus tools on offer These are the best endpoint protection tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/thousands-of-widely-used-public-workspa ces-are-leaking-data


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)