Cybersecurity Today

The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower

Dec 13, 2025
Jake Knott, Principal Security Researcher at Watchtower, dives into the alarming discovery of over 80,000 leaked credentials in online code-formatting tools. He reveals how these public tools inadvertently expose sensitive information like tokens and customer data. The conversation highlights the challenges of responsible disclosure and how attackers can exploit these vulnerabilities. Knott shares best practices for organizations to safeguard their secrets and discusses ongoing research efforts to combat these risks. A must-listen for anyone concerned about cybersecurity!
INSIGHT

Convenience Creates Large Exposure Risk

  • Developers routinely paste sensitive credentials into convenience tools without realizing exposure risks.
  • Public 'recent links' pages can make those secrets trivially discoverable by attackers.
INSIGHT

Share Links Often Aren't Private

  • Many formatting tools offer a 'save and share' link that users assume is private but often isn't.
  • A visible community library or recent-links feature turns private shares into public leaks.
INSIGHT

Non-Credentials Are Equally Dangerous

  • Exposures included not only credentials but also sensitive customer PII and deployment details.
  • Non-credential data like JSON blobs and config snippets are equally valuable to attackers.