Independent security researcher Bill Demirkapi has uncovered a treasure trove of leaked developer secrets, including passwords, API keys, and authentication tokens that could give cybercriminals access to sensitive data, along with vulnerabilities in websites. Among the findings are secrets linked to Nebraska’s Supreme Court, Stanford University’s Slack channels, and API keys belonging to OpenAI customers. Demirkapi also identified 66,000 websites with dangling subdomain issues, making them vulnerable to attacks. By automating the revocation of exposed secrets, he hopes to protect organizations from potential breaches. His unconventional approach of tapping into overlooked data sources has uncovered thousands of security issues, showcasing the need for creative solutions to protect the web at large.
https://www.wired.com/story/secret-hunting-bill-demirkapi/