Oops, We Did It Again: Sensitive Data Left Exposed on Public Code Tools!

JSONFormatter and CodeBeautify’s Recent Links feature exposed over 80,000 user pastes, revealing sensitive data from top sectors. No password needed—just a simple web crawler. WatchTowr researchers found credentials, API tokens, and more, all ripe for the picking. Who knew saving your secrets online could be so public?

3P
Published: November 25, 2025 12:06 pmAdded: November 25, 2025 at 4:32 amAssembled by: The Editor
Pro Dashboard

Hot Take:

In a twist worthy of a cyber-thriller, sensitive data from high-stakes sectors is hanging out like an unlocked phone at a hacker’s convention—thanks to some overly friendly JSONFormatter and CodeBeautify tools. It seems like our digital secrets are playing peek-a-boo on the internet, and nobody’s laughing except the cybercriminals.

Key Points:

  • More than 80,000 publicly accessible JSON snippets exposed sensitive data.
  • Key targets include government, banking, and healthcare sectors.
  • The data includes credentials, private keys, and API tokens.
  • Researchers used “honeypots” to track unauthorized data access.
  • Many organizations have not responded to warnings about the exposure.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?