Code Formatting Platforms Are Exposing Thousands of Sensitive Secrets, Researchers Warn
New research from WatchTowr reveals that users of online code formatting tools are unintentionally leaking thousands of sensitive secrets

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

New research from WatchTowr reveals that users of online code formatting tools are unintentionally leaking thousands of sensitive secrets—including credentials, API tokens, SSH session logs, and personal data—through saved content on public “beautifier” platforms. Analysis of over 80,000 JSON files from two popular tools, JSONFormatter and CodeBeautify, uncovered widespread unauthorized exposure affecting organizations across critical sectors. Threat actors are actively harvesting these leaks, often abusing exposed secrets within days.
Context
Secrets leakage has long been a challenge in software development. GitHub alone detected 39 million unintentionally leaked secrets across its platform last year, reinforcing how frequently developers mismanage sensitive information.
While Git-based systems typically receive blame, the problem extends far beyond repositories. Any online tool used to transform, validate, or format code—without proper sanitization—can become an unintentional storage and distribution channel for sensitive data.
Many code formatting platforms allow users to generate shareable links or retain recent projects, inadvertently making sensitive content publicly viewable.
What Happened
WatchTowr examined roughly 80,000 saved JSON files scraped from JSONFormatter and CodeBeautify via their public “Recent Links” sections. These pages revealed years’ worth of user-submitted content, much of it containing:
API keys and tokens
AWS Secrets Manager exports
Database credentials
SSH session recordings
Configuration files
Sensitive API requests and responses
Personally identifiable information (PII)
Internal service credentials
One user even pasted all AWS Secrets Manager credentials directly into an online JSON formatting tool—unaware that saving their file made the content publicly accessible.
Technical Breakdown
The exposure stems from several aligned issues:
Persistent Storage: Many beautifier tools store submitted code to generate shareable URLs.
Recent Links Indexing: Tools list recently saved sessions, enabling anyone to browse historical uploads.
Lack of Sanitization: Raw user content—including secrets—is saved without removal or redaction.
Automated Scraping: Threat actors actively monitor these platforms, harvesting leaked secrets at scale.
Rapid Abuse: WatchTowr’s experiments with fake credentials showed that leaked keys were tested or abused within days.
Once exposed, secrets cannot be “un-leaked”, especially if attackers mirrored or archived the content.
Impact Analysis
The leaked material affects organizations across critical sectors:
Cybersecurity and technology
Critical infrastructure
Government
Finance and banking
Healthcare
Aerospace
Insurance
Telecom and education
Travel and transportation
The risk extends beyond direct compromise. Stolen secrets could grant:
Unauthorized access to cloud environments
Lateral movement through internal systems
Data exfiltration or account takeover
Persistent access via leaked authentication tokens
Because code beautifiers operate outside traditional security controls, many organizations remain unaware they are leaking sensitive assets.
Why It Matters
This research highlights a systemic problem: developer workflows increasingly depend on third-party online tools, yet many of these platforms are not designed with security or data privacy in mind.
A single paste of credentials into a formatting tool can:
Bypass organizational controls
Expose privileged keys publicly
Enable automated attacker harvesting
Create long-term risk even after revocation
In a landscape where attackers actively monitor exposed-data sources, even small mistakes can create outsized impact.
Expert Commentary
WatchTowr summarizes the issue bluntly:
“We don’t need more AI-driven agentic agent platforms; we need fewer critical organizations pasting credentials into random websites.”
Cybersecurity teams emphasize:
Reducing reliance on unsanctioned online tools
Enforcing strict secret-handling policies
Using offline or self-hosted formatters
Implementing automated leak detection and credential rotation
Training developers on secure workflows
The message is clear: convenience cannot outweigh security when handling sensitive data.
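One way to act on the "offline formatters" and "automated leak detection" advice above, as an added example that is not from WatchTowr or the original article: a formatter that runs locally, pretty-prints JSON and redacts secret-looking values so nothing sensitive leaves the machine. The key-name list, the value patterns and the sample document are assumptions constructed for illustration.

```python
import json
import re

# Key names that usually hold credentials (assumed list; extend for your environment).
SENSITIVE_KEY = re.compile(
    r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key|credential|authorization", re.I)
SENSITIVE_VALUE = [  # value shapes that are secrets under any key (assumed patterns)
    ("aws-access-key-id", re.compile(r"\b(AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("pem-private-key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")),
    ("jwt", re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}\b")),
    ("url-with-password", re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s@]+@")),
]
REDACTED = "[REDACTED]"


def scrub(node, path="$", findings=None):
    """Return (redacted copy of node, [(json_path, reason), ...])."""
    findings = [] if findings is None else findings
    if isinstance(node, dict):
        clean = {}
        for key, value in node.items():
            if isinstance(value, str) and value and SENSITIVE_KEY.search(key):
                findings.append((f"{path}.{key}", "sensitive-key-name"))
                clean[key] = REDACTED
            else:
                clean[key] = scrub(value, f"{path}.{key}", findings)[0]
        return clean, findings
    if isinstance(node, list):
        return [scrub(v, f"{path}[{i}]", findings)[0] for i, v in enumerate(node)], findings
    if isinstance(node, str):
        for reason, pattern in SENSITIVE_VALUE:
            if pattern.search(node):
                findings.append((path, reason))
                return REDACTED, findings
    return node, findings


def format_locally(raw_json):
    """Pretty-print JSON on this machine, with secret-looking values redacted."""
    clean, findings = scrub(json.loads(raw_json))
    return json.dumps(clean, indent=2), findings


# Constructed sample shaped like a secrets export; the AWS key is Amazon's documented example.
SAMPLE = ('{"Name":"prod/db","SecretString":"{\\"password\\":\\"hunter2\\"}","hosts":["db1"],'
          '"notes":"id AKIAIOSFODNN7EXAMPLE","dsn":"postgres://app:s3cr3t@db1:5432/x"}')

if __name__ == "__main__":
    print(*format_locally(SAMPLE), sep="\n")
```

A non-empty findings list is the signal that the document should never have been a candidate for an online tool, and that any real credential it contained needs rotation if it was already shared.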
Key Takeaways
Online code beautifiers are leaking thousands of sensitive secrets.
WatchTowr found credentials, PII, keys, tokens, and internal logs across 80,000+ uploaded files.
Threat actors scrape these platforms and exploit exposed secrets quickly.
Leaks affect organizations across critical sectors, including cybersecurity and government.
The core issue is user saving behavior—not the platforms themselves.
Secure development requires strict handling of secrets and trusted tools only.

