AppDefects
Community Champion

Starbucks API Key Exposed!

Apparently, Starbucks developers are not drinking their 4lb monthly quota of free Java. Someone left their JumpCloud API key in the clear on GitHub! Quick, call security! The issue, since resolved, could have allowed attackers to execute commands on systems, buy free lattes and frappuccinos, add/remove users who have access to internal systems, and potentially lead to an all-out AWS account takeover. Everyone is happy now, including the bug bounty researcher. I wish I had the "skill" to grep GitHub repos for these kinds of patterns, or even just do this https://searchcode.com/?q=apikey and make thousands too... don't get me wrong, I do admire the ethics and responsible discourse that this industry has created for good.

1 Reply
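The "grep GitHub repos for these kinds of patterns" idea in the post above, as an added example that is not part of the original thread or of any vendor's tooling: a small Python scanner that flags assignment-style lines (`NAME = "value"`, `"name": "value"`) whose name looks credential-like and whose value has high Shannon entropy, then prints the hit with the value redacted. The identifier regex, the placeholder list, the entropy threshold and the sample file contents are constructed assumptions for illustration; in particular the 40-hex value is made up and nothing here claims to describe the real JumpCloud key format.

```python
"""Heuristic secret scanner: find `name = "value"` lines where the name looks
credential-like and the value has high Shannon entropy.

Added example for this thread, not code from the original post. The name
patterns, threshold and SAMPLE text are assumptions / constructed data, not
any vendor's documented key format."""
import math
import re
import sys
from collections import Counter

# Assumed credential-like identifiers; extend for your own naming conventions.
ASSIGNMENT_RE = re.compile(
    r"""(?ix)
    \b(?P<name>[a-z0-9_.-]*(?:api[_-]?key|secret|token|password|passwd)[a-z0-9_.-]*)
    \s*['"]?\s*[:=]\s*
    ['"]?(?P<value>[A-Za-z0-9_\-/+=.]{16,})['"]?
    """
)

# Common dummy values that would otherwise pass the length check.
PLACEHOLDERS = {"changeme", "your_api_key_here", "xxxxxxxxxxxxxxxx", "<redacted>"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character: ~4.0 for random hex, 0 for 'aaaa...'."""
    n = len(s)
    counts = Counter(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Never echo the whole secret into logs or CI output."""
    return f"{value[:4]}...{value[-4:]}"


def scan_text(text: str, min_entropy: float = 3.5) -> list[dict]:
    """Return one finding per suspicious assignment, with the value redacted."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in ASSIGNMENT_RE.finditer(line):
            value = m.group("value")
            if value.lower() in PLACEHOLDERS:
                continue
            entropy = shannon_entropy(value)
            if entropy < min_entropy:
                continue  # "aaaa..." or a plain word: probably not a real key
            findings.append({
                "line": lineno,
                "name": m.group("name"),
                "redacted": redact(value),
                "entropy": round(entropy, 2),
            })
    return findings


# Constructed sample; the 40-hex value is made up and is not a real key.
SAMPLE = """\
# constructed sample file, not a real repository
export JUMPCLOUD_API_KEY="7c3e9a1f4b0d6285e1c9f30b7a4d26850f3e9b1c"
api_key = "your_api_key_here"
db_password = "aaaaaaaaaaaaaaaaaaaa"
timeout_seconds = 30
"""


if __name__ == "__main__":
    # Usage: python scan.py file1 file2 ...   (no args: scan the built-in sample)
    # Exits non-zero when anything is flagged, so it can gate a commit or CI job.
    paths = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8", errors="replace").read()) for p in paths] \
        or [("<sample>", SAMPLE)]
    hits = 0
    for path, text in sources:
        for f in scan_text(text):
            hits += 1
            print(f"{path}:{f['line']}: {f['name']} = {f['redacted']} (entropy {f['entropy']})")
    sys.exit(1 if hits else 0)
```

On the sample, only the `JUMPCLOUD_API_KEY` line is reported: the placeholder is skipped by name, the all-`a` password fails the entropy check, and `timeout_seconds` never matches the name pattern. Wiring this up as a pre-commit hook over staged files catches the "left it in the clear" mistake before the push; once a key has already reached a public repo, rotating it is the only fix, since the history has been scraped long before the commit is removed.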
rslade
Influencer II

> AppDefects (Advocate I) posted a new topic in Tech Talk on 01-02-2020 10:14 PM

> Apparently, Starbucks developers are not drinking their 4lb monthly quota of
> free caffeine. Someone left their JumpCloud API key in the clear on GitHub!

Trebor the Magnificent wishes to add to his predictions over on Industry News:

In 2020, there will be a sharp increase in malicious activity as blackhats become hypercaffeinated ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468