6 infamous cybersecurity leaks of 2023

Itzik Alvas. Co-founder & CEO, Entro
January 11, 2024

If you work in security or IT Ops and you’re heading off to the beach or the in-laws’ for the holidays, here’s some light reading to get you through those slow afternoons. A roundup of the biggest cybersecurity leaks in 2023.

Being featured in this article is like playing the third-place game in the soccer World Cup, where the two losing semi-finalists compete to see who finishes 2nd and who finishes 3rd. Neither wants to be in that game. The best that can come from it is some learnings for the next tournament. The organizations here have had their secrets leaked, and have paid dearly for it. Nobody wants to be in this spot. But as it turns out, more and more companies are finding themselves in the news headlines for reasons related to the mishandling of secrets.

For those who might not be familiar with the key term here, a ‘secret’ is like a key to your digital locker filled with confidential and highly valuable data. A secret can be an access token, an API key, an encryption key, or a similar opaque string that’s used as a credential to gain access to a software application, database, or any piece of infrastructure.

Any organization would want to guard these secrets no matter the cost. Unfortunately, the organizations below, despite their best efforts, were the victims of a cybersecurity leak. Let’s look at the biggest incidents in this space over the past year.

1. Microsoft accidentally exposes 38TB of internal data

AI research is in full swing today as organizations race for AI supremacy. Microsoft is caught up in this race, and one of the requirements is to provide your AI researchers with loads of training data to feed the AI models they create. However, if this training data is actual internal data that is sensitive and confidential, it runs the risk of being exposed.

That’s precisely what happened at Microsoft, where AI researchers accidentally exposed an Azure SAS token with access to about 38TB of internal data, including Teams chats, cybersecurity secrets like passwords and API keys, and even complete backups of two employee workstations. The token was clearly over-privileged: it was configured to give anyone who had it full access to the entire Azure Storage account.
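As an added example (not code from the article, Microsoft or Entro), the Python check below flags a SAS URL that has the two properties the article describes: broad permissions over a whole storage account, and a lifetime far beyond what a short-lived share needs. The query parameter names (sp, se, ss, srt, sr, sig) are taken from Azure's documented SAS format as I understand it; the 7-day policy limit, the reference date and both sample URLs are constructed.

```python
# Defensive check for over-privileged or long-lived Azure Storage SAS URLs.
# Parameter names assumed from Azure's documented SAS query format; the
# policy limit and sample URLs below are constructed for this example.
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlparse

MAX_LIFETIME = timedelta(days=7)   # policy assumption: SAS tokens live <= 7 days
WRITE_PERMS = set("wdacu")         # write, delete, add, create, update

NOW = datetime(2023, 9, 18, tzinfo=timezone.utc)   # constructed reference date

# Constructed: account-level SAS, every permission, expiry a decade away.
BROAD_SAS = ("https://example.blob.core.windows.net/?sv=2021-06-08&ss=bfqt&srt=sco"
             "&sp=rwdlacup&se=2033-01-01T00:00:00Z&sig=PLACEHOLDER")
# Constructed: service SAS scoped to one blob, read-only, expires in two days.
NARROW_SAS = ("https://example.blob.core.windows.net/reports/q3.pdf?sv=2021-06-08"
              "&sr=b&sp=r&se=2023-09-20T00:00:00Z&sig=PLACEHOLDER")


def sas_findings(url: str, now: datetime) -> list[str]:
    """Return a list of policy violations for a SAS URL (empty list = acceptable)."""
    q = {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}
    if "sig" not in q:
        return ["not a SAS URL (no sig parameter)"]
    findings = []
    perms = set(q.get("sp", ""))
    if perms & WRITE_PERMS:
        findings.append("grants write/delete permissions: sp=" + q["sp"])
    # ss/srt only appear on an account SAS, which spans every container
    # in the account; a service SAS (sr=b) is scoped to a single resource.
    if "ss" in q or "srt" in q:
        findings.append("account-level SAS: scope is the whole storage account")
    if "se" not in q:
        findings.append("no expiry (se) parameter")
    else:
        expiry = datetime.fromisoformat(q["se"].replace("Z", "+00:00"))
        lifetime = expiry - now
        if lifetime > MAX_LIFETIME:
            findings.append(f"expires in {lifetime.days} days (policy: <= {MAX_LIFETIME.days})")
    return findings


if __name__ == "__main__":
    for label, url in (("broad", BROAD_SAS), ("narrow", NARROW_SAS)):
        print(label, sas_findings(url, NOW) or "OK")
```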

2. Hugging Face API exposes the data of 723 organizations

Hugging Face is the GitHub of the AI world. It hosts AI models and datasets that many AI researchers and developers use to power their projects and collaborate on.

Recently, Hugging Face was found to contain over 1,500 exposed tokens and secrets. Many of these cybersecurity secrets belong to some of the biggest tech companies, like Meta, Microsoft, Google, and VMware. In total, the secrets of 723 organizations were found to be exposed. Of the 1,500 secrets, about 655 had write permissions to the assets behind them. These are staggering numbers by any measure.

Key takeaway: AI projects need secrets security

With the first two examples here, it’s clear that AI is a new attack vector that needs to be watched closely. In both these cases, the (mis)handling of tokens or secrets is the key issue. There needs to be better security around the handling of secrets, and better monitoring to know when one is exposed and what’s at stake. However, most organizations fly blind in an AI world.

3. SAP exposes over 95 million artifacts via Kubernetes & GitHub

Recently, SAP’s GitHub repositories were found to be exposing Kubernetes secrets that gave access to over 95 million of the organization’s artifacts. SAP wasn’t the only organization in this predicament; the list also includes many other Fortune 500 companies.

There were 438 exposed secrets in total, of which 46% were still valid and opened the gate for any intruder to enter the organization’s systems. Many of these secrets had ‘push’ and ‘pull’ access to the organizations’ GitHub repositories, which can easily lead to a destructive supply chain attack and PII leakage.

Kubernetes is widely used by almost all tech companies to manage container-based infrastructure. Kubernetes uses secrets to ensure its various services or applications can speak to one another securely. Since these secrets operate at the fundamental infrastructure level, they can risk exposing applications that run on the infrastructure and data stored in it.

GitHub is also used by developers and maintainers of Kubernetes as they write and collaborate around code that’s used to power Kubernetes. Together the two projects – Kubernetes and GitHub – are like peanut butter and jelly, they go together really well. This is great for technology teams to collaborate, but not so for the company when secrets are exposed.

Key takeaway: Scan every GitHub repository for hardcoded secrets

As developers push new code to GitHub on a daily basis, it is essential for organizations to scan every new commit that makes it to their public repositories. You can’t rely on training and developers’ good intentions. It’s not possible for a human to manually check every line of code all the time. It takes an automated tool to scan code completely and alert you of any hardcoded secret.

4. 5,493 container images on Docker Hub contain exposed secrets

Docker Hub is like the app store for containers. It’s a great platform to find and share software tools easily. However, just like GitHub, it too is riddled with exposed cybersecurity secrets that show up in numerous container images.

Of the 10,178 container images that were scanned by researchers, about 54% of them were found to contain exposed secrets. These container images were downloaded a total of 132 billion times. Considering these container images eventually make it to the internal systems and applications of a company, their reach could be even further.

Key takeaway: Scan all containers for secrets

Docker Hub is a public container registry and should be considered unsecured by default. A private container registry can help secure container images used by developers within your organization. However, whether it’s Docker Hub or a private registry the key is to scan every single container image that enters your system. This check should be automated by a tool like Entro and shouldn’t be left to manual human review, which is error prone.

5. Python package leaks 3938 secrets

Python is one of the most widely used programming languages in the world. Recently, researchers found 3,938 exposed secrets on PyPI, the Python package index. 768 of these secrets were validated as authentic. PyPI hosts over 450,000 projects and is part of a majority of production applications running today. Among the leaked secrets were AWS keys, Redis database credentials, Telegram bot tokens, and Google API keys. These secrets were hardcoded in the projects’ open source repositories.

Key takeaway: Monitor open source packages for hardcoded secrets

Open source packages may be free to use, but they’re costly if they aren’t secured. Yet open source can’t be avoided in today’s collaborative software marketplace. The key is to scan all open source repositories for hardcoded secrets. When downloading a package from a public index like PyPI, it’s essential to scan the repository and be certain there are no secrets hardcoded in it.
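The three scanning takeaways above (every GitHub commit, every container image, every package pulled from PyPI) come down to the same mechanism: walk the text that is about to enter your systems and flag likely credentials. As an added example (not code from the article or from Entro), here is a minimal commit-gate scanner in Python that checks only the added lines of a diff, using two complementary rules: known token shapes, and an assignment of a high-entropy value to a variable whose name suggests a credential. The token patterns are simplified from public formats, the entropy threshold is an assumption, and the diff is a constructed sample (the AWS key in it is Amazon's documentation example value).

```python
# Minimal secret scanner for the added lines of a diff. Patterns are
# simplified from public token formats; threshold and sample are constructed.
import math
import re
from collections import Counter

PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "azure_sas": re.compile(r"[?&]sig=[A-Za-z0-9%+/=]{20,}"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
# name = "value" where the name smells like a credential and value is long
ASSIGNMENT = re.compile(r"(?i)(secret|token|password|passwd|api_key)\s*[:=]\s*['\"]([^'\"]{16,})['\"]")
ENTROPY_THRESHOLD = 3.5   # assumption: random-looking strings score ~4+, words ~2-3


def shannon_entropy(s: str) -> float:
    """Bits per character; higher means more random-looking."""
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())


def scan_diff(diff: str) -> list[tuple[int, str, str]]:
    """Return (diff line number, rule, matched text) for suspected secrets in added lines."""
    hits = []
    for n, line in enumerate(diff.splitlines(), 1):
        if not line.startswith("+") or line.startswith("+++"):
            continue  # a commit gate only cares about what is being introduced
        for rule, pat in PATTERNS.items():
            for m in pat.finditer(line):
                hits.append((n, rule, m.group(0)))
        m = ASSIGNMENT.search(line)
        if m and shannon_entropy(m.group(2)) > ENTROPY_THRESHOLD:
            hits.append((n, "high_entropy_assignment", m.group(2)))
    return hits


# Constructed sample diff: one known key shape, one random-looking API key,
# one low-entropy password (not flagged), one private key header.
DIFF = """\
--- a/config.py
+++ b/config.py
@@ -1,4 +1,6 @@
 REGION = "us-east-1"
-AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
+API_KEY = "Zq3vT9xLm2pR8kWd4nYbH6sC1jFgA0eU"
+PASSWORD = "passwordpasswordpassword"
+-----BEGIN RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    for n, rule, text in scan_diff(DIFF):
        print(f"line {n}: {rule}: {text}")
```

The same `scan_diff` logic applies unchanged to a container layer's files or a downloaded package's source once they are fed in as text; the removed line in the sample is deliberately ignored because it is leaving the code base, not entering it.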

6. Poland’s military data is exposed in an email

ERSI is a vendor company that has many Polish government agencies such as border guards, police, and special forces as its clients. In an email sent in 2020, an employee shared access to view a presentation on the company’s cloud servers. However, this email also included the password to other highly sensitive data stored on the same server.

Three years after that email was sent, in 2023, the password was found to be still active, giving anyone who had it access to information about ERSI’s clients and their data. The data included detailed maps, evacuation plans, and more. Defense is the last place you want leaked secrets, because the stakes are high and lives are on the line. As Poland learned, that makes it all the more important to secure the secrets that guard defense data.

Key takeaway: Rotate your organization’s cybersecurity secrets every few weeks

Most organizations treat creating secrets as a one-time activity. However, the longer a secret goes unchanged, the more likely it is to be exposed. The solution is to rotate every secret every few weeks. This way, even if the secret falls into the wrong hands after it’s rotated, the damage done is minimal. To do this, you need a tool to show you exactly when any secret within your organization was rotated. Even better, use a policy to enforce that every secret be rotated periodically.

Bonus takeaway: Scan email & chat conversations for secrets leaks

It’s not just code that needs to be scanned but also internal communication channels like Slack, email, Jira, and more. Employees inadvertently share cybersecurity secrets with others through these insecure channels.

Entro – The solution to prevent cybersecurity secret leaks

Entro is the only complete end-to-end secrets security solution. It provides intelligence and deep monitoring of the activity surrounding each secret. Entro reports on the metadata for each secret such as when it was created, by whom, when it was last rotated, if it has been exposed, and much more. Entro scans every line of code, every container image, every GitHub repository, and every chat and email conversation looking for secrets. Entro alerts you the minute it spots an exposed secret in any part of your infrastructure. Entro is context-aware and can inform you of the severity level of an exposure. Entro easily integrates with any vault you use internally. With Entro, you can rest easy knowing you won’t end up on a list like this. Try Entro today.
