Apparently, Starbucks developers are not drinking their 4lb monthly quota of free Java. Someone left their JumpCloud API key in the clear on GitHub! Quick, call security! The issue, since resolved, could have allowed attackers to execute commands on systems, buy free lattes and frappuccinos, add/remove users who have access to internal systems, and potentially lead to an all-out AWS account takeover. Everyone is happy now, including the bug bounty researcher. I wish I had the "skill" to grep GitHub repos for these kinds of patterns or even just do this https://searchcode.com/?q=apikey and make thousands too... don't get me wrong, I do admire the ethics and responsible discourse that this industry has created for good.
> AppDefects (Advocate I) posted a new topic in Tech Talk on 01-02-2020 10:14 PM
> Apparently, Starbucks developers are not drinking their 4lb monthly quota of
> free caffeine. Someone left their JumpCloud API key in the clear on GitHub!
Trebor the Magnificent wishes to add to his predictions over on Industry News:
In 2020, there will be a sharp increase in malicious activity as blackhats become hypercaffeinated ...