Databases stores, cloud storage and services at risk from exposed access keys
Poor security measures associated with software development puts organizations at risk
Digital Shadows revealed new research looking at the growing problem of company access keys inadvertently exposed during software development. Access keys, and their corresponding secrets, are used by developers to authenticate into other systems. While these should be kept private, poor security practices mean they are frequently made ‘public’ and are a gift to threat actors which routinely scour such sites for easy access to company systems.
Over a 30-day period Digital Shadows scanned more than 150 million entities from GitHub, GitLab, and Pastebin. During this time, its technology assessed and categorized almost 800,000 access keys and secrets. Digital Shadows discovered more than 40% of these were for database stores, with 38% for cloud providers such as Google, Microsoft Azure and Amazon Web Services. Some 11% were for online services including collaboration platforms such as Slack and payment systems including Stripe.