If you put something on a publicly-accessible webpage, you should assume that it can (and eventually will) be read by another person. By that, I mean don’t put things you’d want to keep secret — like passwords and API credentials — in places where someone might eventually find them. Sounds obvious, right? That’s because it is. That said, one security researcher stumbled upon a troubling trend of organizations storing sensitive credentials in Trello documents, no less. An attacker could easily find these with little more than a Google query. The researcher, Kushagra Pathak, found a veritable treasure-trove of credentials. These…
This story continues at The Next Web
No comments:
Post a Comment