You can also search for AWS keys and you’ll find quite a few. Or for Heroku keys.
It’s funny and sad at the same time.
> the access key for amazon s3 is:
> User XXXXXXX
> Access Key ID: XXXXXXXXXXXXXXXXXXX
> Secret Access Key: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> Let me know when you've recorded these and I'll delete the comment.
(blacked out by me)
Or fitgoapp, which has publicly accessible services, with passwords "fitgo" and "fitgoapp" (also visible on trello).
Just go through the entire list of queries at https://www.exploit-db.com/google-hacking-database/ and you’ll find so many exposed passwords, it’s crazy. No one ever properly protects their keys and passwords.
At a previous company, a new employee accidentally committed his AWS credentials to a public GitHub repo, which had instance creation capabilities.
It got scraped and we had the max amount of instances created at every zone (we assume for mining).
I assume you have bots scraping public sites for those creds at all times.
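An added example, not part of the thread: a check that could run as a pre-commit hook to catch AWS credentials like the ones described above before they reach a public repo. The function names and regexes are this example's own heuristics based on the documented key format, and the sample text is constructed.

```python
import re
import sys

# Access key IDs: "AKIA" (long-term) or "ASIA" (temporary) followed by 16 characters.
KEY_ID_RE = re.compile(r"(?<![A-Z0-9])(?:AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")
# Secret access keys: 40 base64-alphabet characters. Only checked on lines that
# also contain a hint word, since a bare 40-character run is common in source.
SECRET_RE = re.compile(r"(?<![A-Za-z0-9/+])[A-Za-z0-9/+]{40}(?![A-Za-z0-9/+])")
HINT_RE = re.compile(r"secret|aws", re.IGNORECASE)
HEX_RE = re.compile(r"[0-9a-fA-F]{40}")  # e.g. a git SHA-1, not a key

# Constructed sample. The two key values are the placeholder credentials from
# AWS's own documentation; the commit-hash line is deliberate false-positive bait.
SAMPLE = """\
the access key for amazon s3 is:
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws deploy pinned to commit 3f786850e387550fdab836ed7e6dc881de23001b
region = eu-west-1
"""

def redact(value):
    """Keep only the first 4 characters so the report never re-leaks the secret."""
    return value[:4] + "*" * (len(value) - 4)

def find_aws_credentials(text):
    """Return (line_number, kind, redacted_value) for each suspected credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in KEY_ID_RE.finditer(line):
            findings.append((lineno, "access_key_id", redact(m.group())))
        if HINT_RE.search(line):
            for m in SECRET_RE.finditer(line):
                if HEX_RE.fullmatch(m.group()):  # skip commit hashes
                    continue
                findings.append((lineno, "secret_access_key", redact(m.group())))
    return findings

if __name__ == "__main__":
    # Scan the files named on the command line, or the sample if none are given.
    paths = sys.argv[1:]
    sources = {p: open(p, errors="replace").read() for p in paths} or {"<sample>": SAMPLE}
    hits = [(n, f) for n, t in sources.items() for f in find_aws_credentials(t)]
    for name, (lineno, kind, value) in hits:
        print(f"{name}:{lineno}: possible AWS {kind}: {value}")
    sys.exit(1 if hits and paths else 0)  # non-zero exit blocks the commit
```

A key that has already been pushed should be treated as compromised and rotated, since removing the commit does not undo the exposure.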