Years of JSONFormatter and CodeBeautify Leaks Expose Thousands of Passwords and API Keys

These articles are AI-generated summaries. Please check the original sources for full details.

Recent research by watchTowr Labs revealed a 5GB dataset of leaked credentials from JSONFormatter and CodeBeautify, covering five years of historical data from JSONFormatter and one year from CodeBeautify. The leak impacts organizations in sectors like government, finance, and critical infrastructure.

Why This Matters

Developers routinely rely on online tools for code formatting and validation, often overlooking the security implications of pasting sensitive data into publicly accessible web applications. Ideal security models assume data is never exposed to untrusted third parties; this incident demonstrates a widespread failure to adhere to that principle, with potentially catastrophic consequences for organizations handling sensitive data and millions in remediation costs.

Key Insights

  • 5GB Data Leak: watchTowr Labs captured over 5GB of enriched JSON data containing credentials.
  • Predictable URLs: Shareable links generated by the sites followed predictable URL patterns, enabling automated scraping.
  • Rapid Exploitation: Fake AWS access keys uploaded to the sites were targeted within 48 hours, indicating active credential stuffing attempts.

Practical Applications

  • Use Case: Security teams can use this incident as a case study to reinforce the importance of secure coding practices and data handling policies.
  • Pitfall: Relying on untrusted online tools for processing sensitive data without understanding their security implications can lead to significant data breaches.
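
One way to act on the pitfall above is to redact credential-like fields from a JSON document locally, before any of it is pasted into a third-party formatter. This is an added example, not code from watchTowr Labs or from the sites named; the key-name list, the value patterns, the function names and the sample document are assumptions made for illustration.

```python
import json
import re

# Assumed heuristics for this example; tune both lists for your own environment.
SECRET_KEY_NAMES = re.compile(r"pass(word|wd)?|secret|token|api[_-]?key|private[_-]?key|authorization", re.I)
VALUE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "pem_private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+"),
}

def redact(node, path="$", findings=None):
    """Return (redacted copy, findings); each finding is (json_path, reason)."""
    findings = [] if findings is None else findings
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            child = f"{path}.{key}"
            # Suspicious key name + scalar value: redact. Containers are walked instead.
            if SECRET_KEY_NAMES.search(key) and isinstance(value, (str, int, float)):
                findings.append((child, "key_name"))
                out[key] = "<REDACTED>"
            else:
                out[key] = redact(value, child, findings)[0]
        return out, findings
    if isinstance(node, list):
        return [redact(v, f"{path}[{i}]", findings)[0] for i, v in enumerate(node)], findings
    if isinstance(node, str):
        for reason, pattern in VALUE_PATTERNS.items():
            if pattern.search(node):
                findings.append((path, reason))
                return "<REDACTED>", findings
    return node, findings

def prepare_for_sharing(text):
    cleaned, findings = redact(json.loads(text))
    return json.dumps(cleaned, indent=2), findings

# Constructed sample; the access key ID is the example value from AWS documentation.
SAMPLE = """{
  "service": "billing",
  "db": {"host": "db.internal.example", "password": "hunter2"},
  "aws": {"access_id": "AKIAIOSFODNN7EXAMPLE", "region": "us-east-1"},
  "notes": ["rotate quarterly", "Authorization: Bearer eyJhbGciOi.eyJzdWIi.c2ln"]
}"""

if __name__ == "__main__":
    redacted, hits = prepare_for_sharing(SAMPLE)
    print(redacted, hits, sep="\n")
```

Pattern matching of this kind misses secrets stored under innocuous key names with no recognizable format, so it complements formatting JSON with a local tool rather than replacing it.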
