Account Takeover And CredentialsAccount Issue

Publicly posted API keys in plaintext

April 4, 2026Het Mehta

Het Mehta spotlights a case where multiple LLM provider API keys were shared publicly, illustrating how easily credentials leak and can be abused immediately for unauthorized usage and cost blowups.

Open in PulseSee the full authority discussion →

QUOTES

Someone publicly shared all API keys here:

OPENAI_API_KEY=sk-proj-q9F2mYxK8D4sLZ0a7HcE3R6NwP1U5tJb

ANTHROPIC_API_KEY=sk-ant-api03-2m9QF4RkZJ8W0X6L3PAsHcE

GEMINI_API_KEY=AIzaSyC3nP9R2sZ0Lk4QFJ8WmXH

VOICES

Het Mehta

RELATED TERMS

api keyscredentials storedclaudellmcredentials storedapi keys

OTHER FINDINGS IN ACCOUNT TAKEOVER AND CREDENTIALS

LinkedIn hidden code collecting installed software and transmitting it to LinkedIn and third parties Email address unmasking despite Apple Hide My Email OpenAI Codex branch-name command injection stealing GitHub tokens

AMYGDALA PULSE

See what authorities are saying right now

This finding is one of many signals tracked across Cyber Security. The live feed updates every few hours with new authority voices, debates, and emerging ideas.

Open Cyber Security Pulse Browse all topics

← Back to Cyber Security