JSONFormatter and CodeBeautify Recent Links data leak
Data Leak
Summary
Publicly accessible Recent Links pages on JSONFormatter and CodeBeautify exposed more than 80,000 pastes and over 5GB of sensitive data. The exposed material created immediate risk of credential theft and downstream account abuse. The leaked snippets included credentials, private keys, API tokens, PII, KYC data, and other sensitive content, including Active Directory credentials and SSH session recordings. The affected material came from organizations in sectors such as government, banking, critical infrastructure, healthcare, education, cybersecurity, and telecommunications. Predictable Recent Links URLs and getDataFromID API endpoints made the content scrapeable at scale. Researchers also planted fake AWS access keys and later observed access attempts about 48 hours after upload, showing exposed snippets could still be probed even after links were supposed to expire.
Related Happenings
Docker Hub container images leaking secrets across more than 100 organizations
Data Leak
First: 04.02.2026 17:05
Last: 04.02.2026 17:05
Sources 1
About this happening:
Researchers uncovered **more than 10,000 Docker Hub container images** leaking **production API keys, cloud tokens, CI/CD credentials, and AI model access tokens**, putting secret...
JSONFormatter and CodeBeautify Recent Links exposure in temporary sharing feature
Security Tool/Service
First: 25.11.2025 14:01
Last: 25.11.2025 14:01
Sources 1
How related:
When clicking the 'save' button, the platform generates a unique URL pointing to that page and adds it to the user’s Recent Links page, which has no protection layer, thus leaving the content accessible to anyone.
About this happening:
**JSONFormatter** and **CodeBeautify** left saved JSON snippets exposed through **Recent Links**, turning a temporary sharing feature into a public access path for sensitive conte...
Timeline
- 25.11.2025 14:01 2 articles · 6mo ago
Public Recent Links exposure on JSONFormatter and CodeBeautify
Initial Disclosure: WatchTowr disclosed that JSONFormatter and CodeBeautify's public Recent Links feature exposed more than 80,000 user pastes totaling over 5GB, including credentials, private keys, API tokens, PII, and configuration data from government, banking, healthcare, telecom, cybersecurity, aerospace, insurance, education, and critical infrastructure organizations; predictable Recent Links URLs and getDataFromID API endpoints allowed the content to be scraped at scale.
Sources:
- Code beautifiers expose credentials from banks, govt, tech orgs — www.bleepingcomputer.com — 25.11.2025 14:01
- 25.11.2025 14:01 2 articles · 6mo ago
JSONFormatter and CodeBeautify Recent Links exposed sensitive JSON snippets
Initial Disclosure: WatchTowr found that the unprotected Recent Links feature on JSONFormatter and CodeBeautify exposed more than 80,000 user pastes totaling over 5GB, including Active Directory credentials, private keys, API tokens, SSH session recordings, PII, KYC data, and other secrets from organizations in sensitive sectors such as government, critical infrastructure, banking, insurance, aerospace, healthcare, education, cybersecurity, and telecommunications. Researchers also planted fake but valid-looking AWS access keys on expiring JSON snippets and later recorded access attempts 48 hours after the initial upload and save, showing that exposed resources could be probed even after the link expired.
Sources:
- Code-formatters expose thousands of secrets from banks, govt, tech orgs — www.bleepingcomputer.com — 25.11.2025 14:01
- Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys — thehackernews.com — 25.11.2025 18:49