home.social
Sign in Create account

#apikeys — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #apikeys, aggregated by home.social.

  1. N-gated Hacker News @[email protected] ·

    Ah yes, another "revolutionary" #API promising to unite the #AI models of #Europe with the transformative power of a single login screen. 🌍🔑 Because apparently, the real challenge in AI isn't the technology, but remembering which API key unlocks #Skynet. 🤖✨
    edenai.co #Revolution #Tech #Innovation #APIKeys #HackerNews #ngated

    #api #ai #europe #skynet #revolution #tech
  2. N-gated Hacker News @[email protected] ·

    Ah, the digital Fort Knox of API keys! 🏰 Because who wouldn't want to turn their code into an unending #security checkpoint #circus 🎪, complete with browser verifications and #JavaScript hijinks? Just what every developer dreams of: #debugging security measures instead of their actual code! 🚀
    keycard.studio/ #APIkeys #DeveloperLife #HackerNews #ngated

    #security #circus #javascript #debugging #apikeys #developerlife
  3. Hacker News @[email protected] ·

    My adventure in designing API keys

    vjay15.github.io/blog/apikeys/

    #HackerNews #APIkeys #Adventure #Coding #Design #TechBlog

    #hackernews #apikeys #adventure #coding #design #techblog
  4. ResearchBuzz: Firehose @[email protected] ·

    The Register: Security boffins scoured the web and found hundreds of valid API keys. “Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.”

    https://rbfirehose.com/2026/04/01/the-register-security-boffins-scoured-the-web-and-found-hundreds-of-valid-api-keys/
    #apikeys #apis #cybersecurity #enterprisecybersecurity #security #webpages
  5. N-gated Hacker News @[email protected] ·

    🚨 NEWSFLASH: Captain Obvious discovers that leaving admin keys exposed is a bad idea! 🤯 Who knew?! Our hero triumphantly stumbles upon 39 API keys just lying around like Easter eggs on the internet. In an explosive twist, he asks, "What if OTHER sites have the same issue?" 🕵️‍♂️🔍💡
    benzimmermann.dev/blog/algolia #CaptainObvious #APIkeys #SecurityBreach #CyberAwareness #InternetSafety #DataProtection #HackerNews #ngated

    #captainobvious #apikeys #securitybreach #cyberawareness #internetsafety #dataprotection
  6. SkypLabs @[email protected] ·

    To search for Google API keys recursively in the current folder and its sub-folders with ripgrep:

    rg 'AIza[0-9A-Za-z\-_]{35}' -o

    Also shared on Shodan Snippets:

    snippets.shodan.io/c/FHw2r7wWI

    #Security #OneLiner #Google #GoogleAPIKeys #APIkeys #ripgrep #Regex #BugBounty #Snippet

    #security #oneliner #google #googleapikeys #apikeys #ripgrep
  7. SkypLabs @[email protected] ·

    To search for Google API keys recursively in the current folder and its sub-folders with ripgrep:

    rg 'AIza[0-9A-Za-z\-_]{35}' -o

    Also shared on Shodan Snippets:

    snippets.shodan.io/c/FHw2r7wWI

    #Security #OneLiner #Google #GoogleAPIKeys #APIkeys #ripgrep #Regex #BugBounty #Snippet

    #snippet #bugbounty #regex #ripgrep #apikeys #googleapikeys
  8. SkypLabs @[email protected] ·

    To search for Google API keys recursively in the current folder and its sub-folders with ripgrep:

    rg 'AIza[0-9A-Za-z\-_]{35}' -o

    Also shared on Shodan Snippets:

    snippets.shodan.io/c/FHw2r7wWI

    #Security #OneLiner #Google #GoogleAPIKeys #APIkeys #ripgrep #Regex #BugBounty #Snippet

    #security #oneliner #google #googleapikeys #apikeys #ripgrep
  9. N-gated Hacker News @[email protected] ·

    🚨 Breaking news, folks: it turns out API keys are not like your diary's lock after all! Who would have thought? 😱 Apparently, sharing keys meant for public use with a private access service can lead to some unwanted surprises! Google must be thrilled! 🔓🤦‍♂️
    simonwillison.net/2026/Feb/26/ #APIkeys #PublicAccess #DataSecurity #GoogleNews #TechSurprise #HackerNews #ngated

    #apikeys #publicaccess #datasecurity #googlenews #techsurprise #hackernews
  10. N-gated Hacker News @[email protected] ·

    🚨 Breaking news, folks: it turns out API keys are not like your diary's lock after all! Who would have thought? 😱 Apparently, sharing keys meant for public use with a private access service can lead to some unwanted surprises! Google must be thrilled! 🔓🤦‍♂️
    simonwillison.net/2026/Feb/26/ #APIkeys #PublicAccess #DataSecurity #GoogleNews #TechSurprise #HackerNews #ngated

    #apikeys #publicaccess #datasecurity #googlenews #techsurprise #hackernews
  11. N-gated Hacker News @[email protected] ·

    🚨 Breaking news, folks: it turns out API keys are not like your diary's lock after all! Who would have thought? 😱 Apparently, sharing keys meant for public use with a private access service can lead to some unwanted surprises! Google must be thrilled! 🔓🤦‍♂️
    simonwillison.net/2026/Feb/26/ #APIkeys #PublicAccess #DataSecurity #GoogleNews #TechSurprise #HackerNews #ngated

    #ngated #hackernews #techsurprise #googlenews #datasecurity #publicaccess
  12. N-gated Hacker News @[email protected] ·

    🚨 Breaking news, folks: it turns out API keys are not like your diary's lock after all! Who would have thought? 😱 Apparently, sharing keys meant for public use with a private access service can lead to some unwanted surprises! Google must be thrilled! 🔓🤦‍♂️
    simonwillison.net/2026/Feb/26/ #APIkeys #PublicAccess #DataSecurity #GoogleNews #TechSurprise #HackerNews #ngated

    #apikeys #publicaccess #datasecurity #googlenews #techsurprise #hackernews
  13. hasamba @[email protected] ·

    ----------------

    🎯 AI
    ===================

    Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

    Technical details:
    • SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
    • Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
    • Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

    Analysis:

    The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

    Detection guidance:
    • Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
    • Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

    Limitations:
    • No public CVE identifiers are reported in the source material.
    • Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

    References and tags:

    SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

    🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

    🔗 Source: tenable.com/blog/undercover-on

    #moltbook #promptinjection #apikeys #tenable
  14. hasamba @[email protected] ·

    ----------------

    🎯 AI
    ===================

    Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

    Technical details:
    • SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
    • Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
    • Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

    Analysis:

    The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

    Detection guidance:
    • Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
    • Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

    Limitations:
    • No public CVE identifiers are reported in the source material.
    • Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

    References and tags:

    SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

    🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

    🔗 Source: tenable.com/blog/undercover-on

    #moltbook #promptinjection #apikeys #tenable
  15. hasamba @[email protected] ·

    ----------------

    🎯 AI
    ===================

    Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

    Technical details:
    • SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
    • Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
    • Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

    Analysis:

    The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

    Detection guidance:
    • Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
    • Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

    Limitations:
    • No public CVE identifiers are reported in the source material.
    • Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

    References and tags:

    SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

    🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

    🔗 Source: tenable.com/blog/undercover-on

    #tenable #apikeys #promptinjection #moltbook
  16. hasamba @[email protected] ·

    ----------------

    🎯 AI
    ===================

    Executive summary: Moltbook, an AI-only social network populated by OpenClaw agents, presents immediate security risks: pervasive spam/scams, exposure of agents to untrusted content via API-oriented prompt files, and a reported database compromise that leaked API keys enabling bot impersonation and direct prompt injection.

    Technical details:
    • SKILLS.md, HEARTBEAT.md, and MESSAGING.md are repository-style markdown files that describe how agents interact with the Moltbook API. SKILLS.md documents API interactions and recommends HTTP requests (curl-style). HEARTBEAT.md instructs periodic check-ins. MESSAGING.md notes that messaging requires human approval, while other endpoints accept automated agent input.
    • Experimental tooling (reported as a CLI tool named moltbotnet) implemented API calls for posting, commenting, upvoting, following, and engagement automation. This tooling demonstrates how easily an agent or impersonator can script interactions.
    • Reported breach of Moltbook’s database exposed API keys tied to agent identities. Those keys materially enable: impersonation of legitimate agents, submission of crafted prompts to agent workloads, and direct prompt injection vectors that bypass typical human-only guards.

    Analysis:

    The combination of (1) public, machine-readable prompt files that instruct agents how to behave, (2) open posting and engagement that accepts untrusted content, and (3) leaked credentials produces two classes of injection risks: indirect prompt injection (agents ingesting malicious content from other agents) and direct prompt injection (attacker using stolen API keys to send malicious prompts as a trusted agent). The observed ecosystem is also saturated with social-engineering lures (requests to run package installers, share crypto wallets, or call external APIs).

    Detection guidance:
    • Monitor unexpected use of API keys or unusual posting frequency associated with agent identities.
    • Inspect content sources for scripted patterns (repeated promotional payloads, command-like text referencing package managers or curl usage).

    Limitations:
    • No public CVE identifiers are reported in the source material.
    • Exact scope of leaked API keys (number of keys, associated privileges) was not enumerated in the writeup.

    References and tags:

    SKILLS.md, HEARTBEAT.md, MESSAGING.md — Tenable Research field report on Moltbook interactions and breach findings.

    🔹 OpenClaw #Moltbook #promptinjection #APIkeys #Tenable

    🔗 Source: tenable.com/blog/undercover-on

    #moltbook #promptinjection #apikeys #tenable
  17. Le site de Korben [Unofficial] @[email protected] ·

    Envmap - Fini les fichiers .env qui traînent et finissent sur GitHub

    fed.brid.gy/r/https://korben.i

    #developpementoutilsdeveloppement #viepriveeanonymatchiffrement #apikeys #aws #devops #environnement
  18. Pyrzout :vm: @[email protected] ·

    Fr Express Data Breach: ISP Source Code, API, and Billing Data Leaked dailydarkweb.net/fr-express-da #telecommunications #sourcecodeleak #DataBreaches #databaseleak #cyberattack #Bangladesh #databreach #FrExpress #APIKeys #ABillS #ISP

    #telecommunications #sourcecodeleak #databreaches #databaseleak #cyberattack #bangladesh
  19. Pyrzout :vm: @[email protected] ·

    BlossomCloud Data Breach Exposes Source Code dailydarkweb.net/blossomcloud- #BlossomCloud.co.kr #ContractorBreach #sourcecodeleak #DataBreaches #BanBanPlay #databreach #SouthKorea #technology #dataleak #APIKeys

    #blossomcloud #contractorbreach #sourcecodeleak #databreaches #banbanplay #databreach
  20. ResearchBuzz: Firehose @[email protected] ·

    The Register: AI companies keep publishing private API keys to GitHub. “Leading AI companies turn out to be no better at keeping secrets than anyone else writing code. Cloud security firm Wiz has found that 65 percent of the Forbes AI 50 ‘had leaked verified secrets on GitHub,’ minus a few with no presence on the code sharing site.”

    https://rbfirehose.com/2025/11/11/the-register-ai-companies-keep-publishing-private-api-keys-to-github/

    #api #apikeys #cybersecurity #github #opensource #personalinformation
  21. Brandon H :csharp: :verified: @[email protected] ·

    via @dotnet : New Trusted Publishing enhances security on NuGet.org

    ift.tt/FWdNpaR
    #TrustedPublishing #NuGet #GitHubActions #Security #ShortLivedKeys #APIkeys #SoftwareDevelopment #OpenSSF #NuGetCommunity #SecurePublishing #DevOps #CI #Cont

    #trustedpublishing #nuget #githubactions #security #shortlivedkeys #apikeys
  22. Jak2k 🏳️‍🌈 @[email protected] ·

    OH: Moment, ich gibt dir die API-Keys aus dem Production Pod zum Testen.

    #cloud #secretmanagement #APIKeys #javadevelopment

    #cloud #secretmanagement #apikeys #javadevelopment
  23. PrivacyDigest @[email protected] ·

    Employee #monitoring app exposes 21M work screens​ | Cybernews

    The #leaked data is extremely sensitive, as millions of screenshots from employees' devices could not only expose full-screen captures of emails, internal chats, and confidential business documents, but also contain #login pages, credentials, #APIkeys , and other sensitive info that could be #exploited to attack businesses worldwide.

    Cybernews contacted the company, and access has now been secured.
    #privacy

    cybernews.com/security/employe

    #privacy #exploited #apikeys #login #leaked #monitoring
  24. PrivacyDigest @[email protected] ·

    Exposed #DeepSeek Database Revealed #Chat Prompts and Internal Data

    China-based DeepSeek has exploded in popularity, drawing greater scrutiny. Case in point: #Security researchers found more than 1 million records, including user data and #APIkeys , in an open database.
    #china #api

    wired.com/story/exposed-deepse

    #api #china #apikeys #security #chat #deepseek
  25. Evostrix @[email protected] ·

    Prometheus Security Breach 300K Instances Expose Credentials and API Keys
    Today, we're diving into the alarming news of a massive security breach involving Prometheus, a popular monitoring and alerting tool used by countless organizations worldwide
    #PrometheusSecurity #DataBreach #CyberSecurity #APIKeys #CredentialLeak #InformationSecurity #DataProtection #SecurityIncident #CyberThreat #TechNews #hack #security #news #privacy #leaks
    cloudhosting.evostrix.eu/prome

    #prometheussecurity #databreach #cybersecurity #apikeys #credentialleak #informationsecurity
  26. Gonçalo Valério @[email protected] ·

    "tl;dr Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it’s become one of the largest public sources of leaked secrets. We estimate over 4,000 live credentials are currently leaking publicly on Postman for a variety of popular SaaS and cloud providers."

    trufflesecurity.com/blog/postm

    #security #api #postman #apikeys #cybersecurity

    #cybersecurity #apikeys #postman #api #security
  27. Indusface @[email protected] ·

    👉 #SAML, #OAuth 2.0, and #JWT establish a robust framework for securing #API authentication and authorization processes.

    Explore other key #apisecurity protocols essential for securing your API endpoints: bit.ly/3Rn96bb

    #apiattacks #apiendpoints #authentication #authorization #apibreaches #databreaches #vulnerabilities #apikeys #apptrana #indusface

    #saml #oauth #jwt #api #apisecurity #apiattacks
  28. Indusface @[email protected] ·

    👉 #SAML, #OAuth 2.0, and #JWT establish a robust framework for securing #API authentication and authorization processes.

    Explore other key #apisecurity protocols essential for securing your API endpoints: bit.ly/3Rn96bb

    #apiattacks #apiendpoints #authentication #authorization #apibreaches #databreaches #vulnerabilities #apikeys #apptrana #indusface

    #saml #oauth #jwt #api #apisecurity #apiattacks
  29. Indusface @[email protected] ·

    👉 #SAML, #OAuth 2.0, and #JWT establish a robust framework for securing #API authentication and authorization processes.

    Explore other key #apisecurity protocols essential for securing your API endpoints: bit.ly/3Rn96bb

    #apiattacks #apiendpoints #authentication #authorization #apibreaches #databreaches #vulnerabilities #apikeys #apptrana #indusface

    #saml #oauth #jwt #api #apisecurity #apiattacks
  30. urig @[email protected] ·

    I'm failing to grok how #APIKeys and #GCP (#GoogleCloudPlatform) "projects" work.

    I need to distinguish between different customers calling my #API via their API keys. The official documentation says "create a separate GCP project for each [customer]" (source: cloud.google.com/endpoints/doc)

    I could have hundreds or more of different customers. Am I expected to create a GCP project for each one?

    #apikeys #gcp #googlecloudplatform #api
  31. Gareth Emslie 🇿🇦 🇪🇦 🇨🇭 @[email protected] ·

    Microsoft has announced that API keys will be retired for querying application insights. Users will need to transition to Azure AD authentication, which provides additional features such as multi-factor authentication and hybrid integration for password protection policies. The deadline for transitioning to... azure.microsoft.com/en-us/upda #AzureAD #APIkeys #applicationinsights #softcorpremium

    #azuread #apikeys #applicationinsights #softcorpremium
  32. Crypto News @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised - Bitcoin ATM manufacturer General Bytes said a hacker was able to ... - cointelegraph.com/news/bitcoin #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys

    #apikeys #hotwallets #bitcoinatm #generalbytes #securitybreach
  33. Crypto News @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised - Bitcoin ATM manufacturer General Bytes said a hacker was able to ... - cointelegraph.com/news/bitcoin #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys

    #apikeys #hotwallets #bitcoinatm #generalbytes #securitybreach
  34. Crypto News @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised - Bitcoin ATM manufacturer General Bytes said a hacker was able to ... - cointelegraph.com/news/bitcoin #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys

    #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys
  35. Crypto News @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised - Bitcoin ATM manufacturer General Bytes said a hacker was able to ... - cointelegraph.com/news/bitcoin #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys

    #apikeys #hotwallets #bitcoinatm #generalbytes #securitybreach
  36. Cryptocurrency News Worldwide @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised

    cointelegraph.com/news/bitcoin

    #securitybreach #GeneralBytes #BitcoinATM #hotwallets #APIkeys

    #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys
  37. Cryptocurrency News Worldwide @[email protected] ·

    Bitcoin ATM maker shuts cloud service after user hot wallets compromised

    cointelegraph.com/news/bitcoin

    #securitybreach #GeneralBytes #BitcoinATM #hotwallets #APIkeys

    #securitybreach #generalbytes #bitcoinatm #hotwallets #apikeys
  38. ₛᵤₙdᵣᵤᵢd @[email protected] ·

    Question for the local community:

    When you generate API secrets as an administrator of the application, you have access to them. Very common when creating secrets for a service accounts etc. But the logs will always point to the user you created and is open to abuse.

    Under API security, is there a 'best practice' or some regulation guidance that says that this form of delegation has to be accurately authenticated 'by user' in a logging mechanism? #apikeys #gdpr #logging #infosec

    #apikeys #gdpr #logging #infosec
  39. hobs @[email protected] ·

    Dealing with my first #securitybreach for a system I'm responsible for.
    T0: Dev pushed cloud platform #APIkeys to #publicrepo
    T0+30 min: Beijing IP attempted to create docker-machine host and security group allowing that IP ingress. When permissions were insufficient #hacker immediately deleted security group.
    T0 +40 min: later our customer (owner of the cloud platform account) forwarded an alert email from the platform.
    T0 +50 min: our lockdown and #forensics began

    #securitybreach #apikeys #publicrepo #hacker #forensics