Daily Guardian UAEDaily Guardian UAE
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
What's On

This gaming mouse has a Noctua fan inside, and it finally has a launch date

July 17, 2026

ChatGPT’s new search tool saves you from digging through old chats, files, and images

July 17, 2026

Strengthening Governance in Arab Capital Markets: ACCA & UASA Collaboration

July 16, 2026

You can now link your favorite apps to AI Mode in Google Search to get things done

July 16, 2026

Tech Mahindra Q1 FY27 EBIT rises to ₹2,264 crores, up 53.3% YoY;

July 16, 2026
Facebook X (Twitter) Instagram
Finance Pro
Facebook X (Twitter) Instagram
Daily Guardian UAE
Subscribe
  • Home
  • UAE
  • What’s On
  • Business
  • World
  • Entertainment
  • Lifestyle
  • Sports
  • Technology
  • Travel
  • Web Stories
  • More
    • Editor’s Picks
    • Press Release
Daily Guardian UAEDaily Guardian UAE
Home » A simple coding mistake is exposing API keys across thousands of websites
Technology

A simple coding mistake is exposing API keys across thousands of websites

By dailyguardian.aeMarch 27, 20262 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email

After analyzing 10 million webpages, researchers have found thousands of websites accidentally exposing sensitive API credentials, including keys linked to major services like Amazon Web Services, Stripe, and OpenAI.

This is a serious issue because APIs act as the backbone of the apps we use today. They allow websites to connect to services like payments, cloud storage, and AI tools, but they rely on digital keys to stay secure. Once exposed, API keys can allow anyone to interact with those services with malicious intent.

Sensitive API keys exposed across thousands of sites

According to TechXplore, the researchers identified 1,748 unique API credentials across nearly 10,000 webpages, tied to 14 major service providers. These leaks were not limited to obscure sites, with some appearing on platforms run by global banks and major software developers.

Around 84% of these leaks came from JavaScript files, which are easily accessible through a browser. This means the credentials were effectively sitting in publicly visible code.

Even more concerning is how long these keys remained exposed. Some were visible for up to 12 months, while a few rare cases showed credentials staying public for several years without detection.

So, what’s causing these leaks?

The study makes it clear that the problem does not lie with service providers like Amazon, Stripe, or OpenAI. Instead, the issue stems from how developers handle API keys.

In many cases, developers accidentally include private API credentials in the front-end code of a website, leaving it visible to anyone who knows where to look.

How to stop API keys from being exposed?

To prevent future leaks, the researchers suggest a few practical steps. Developers should scan the live version of their websites, and not just private code, to catch exposed keys.

graphic image of cybersecurity

With the rise of vibecoding, companies need stricter rules for automated website-building tools that handle sensitive data during deployment. This is also why platforms like Lovable have started adding safe browsing tools to protect users from poorly vibecoded websites.

Meanwhile, service providers need to improve detection systems to flag exposed keys the moment they appear online. Although responsible disclosure helped reduce some of these leaks, the scale of the issue remains significant.

Recent reports have also shown how simply visiting a website can expose your device to serious risks, highlighting how fragile web security can be for everyday internet users.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

This gaming mouse has a Noctua fan inside, and it finally has a launch date

ChatGPT’s new search tool saves you from digging through old chats, files, and images

You can now link your favorite apps to AI Mode in Google Search to get things done

You can now edit videos in Google Vids by simply describing the changes

Your OnePlus phone is switching to ColorOS, whether you like it or not

NotebookLM just got a new name and a serious upgrade for Google AI Pro subscribers

Personal Intelligence in Search now connects to Google Calendar

The TEWA MOTO M3 Pro is Making Waves in Electric Off-Road Riding

This sleek Chinese EV pairs supercar styling with three AI brains

Editors Picks

ChatGPT’s new search tool saves you from digging through old chats, files, and images

July 17, 2026

Strengthening Governance in Arab Capital Markets: ACCA & UASA Collaboration

July 16, 2026

You can now link your favorite apps to AI Mode in Google Search to get things done

July 16, 2026

Tech Mahindra Q1 FY27 EBIT rises to ₹2,264 crores, up 53.3% YoY;

July 16, 2026

Subscribe to News

Get the latest UAE news and updates directly to your inbox.

Latest Posts

You can now edit videos in Google Vids by simply describing the changes

July 16, 2026

Malabar Gold First to Export Jewelry Under India-UK Trade Deal

July 16, 2026

Your OnePlus phone is switching to ColorOS, whether you like it or not

July 16, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian UAE. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.