Overview
- watchTowr scraped more than 80,000 saved pastes totaling over 5GB, spanning five years of JSONFormatter data and one year from CodeBeautify.
- Exposed material included usernames and passwords, API and repository tokens, private and cloud keys, AD and database credentials, SSH session recordings, and personal data.
- Data belonged to organizations across government, finance, healthcare, telecoms, aerospace, education, critical infrastructure, technology, and cybersecurity.
- The exposure stemmed from unprotected Recent Links pages and predictable URL patterns, plus accessible APIs that allowed simple crawling and retrieval.
- Fake AWS credentials planted as canary tokens were probed 48 hours after upload.
- Both sites say saving is temporarily disabled, but reports differ on whether Recent Links remain accessible.
- High-impact finds included an exchange's Splunk SOAR AWS keys and bank and AD credentials leaked by an MSSP.