The proliferation of cloud services and DevOps has led to increased usage of application programming interfaces (APIs), and many developers rely on services like Postman to design, build, test, and streamline their APIs. CloudSEK’s XVigil has observed a spike in exposed Postman instances. This trend is especially concerning because Postman is used by 500,000 organizations and 20 million developers across the world.
- API secrets can be used to access API endpoints and steal, modify, or delete data, depending on the API functionality.
- Credentials can be used to gain unauthorized access to accounts and internal networks to steal sensitive files and information.
- PII can be leveraged to orchestrate social engineering attacks, phishing campaigns, and identity theft.
- Threat actors can sell the stolen data, or the access itself, on the dark web.
- Monitor public-facing code repos and Postman instances for API secret leaks and credential leaks.
- Ensure API keys are never published in public Postman workspaces.
- Keep Postman workspaces private wherever possible.
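The first recommendation above, monitoring Postman instances for leaked secrets, can be applied to a collection export. As an added example (not CloudSEK's or Postman's own code), the Python scanner below walks an exported Postman Collection v2.1 JSON document and reports literal credential values in collection variables, request headers, URL query strings and auth blocks, while ignoring `{{variable}}` references; the sample collection and every secret in it are constructed placeholders.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed Postman Collection v2.1 export as sample input; every literal is an invented placeholder.
SAMPLE = json.dumps({"info": {"name": "Claims API"}, "variable": [
    {"key": "base_url", "value": "https://api.example.invalid"},
    {"key": "api_key", "value": "EXAMPLE-KEY-0123456789"}],
  "item": [{"name": "Policies", "item": [
    {"name": "List", "request": {"url": "{{base_url}}/policies?client_secret=hunter2",
        "header": [{"key": "Authorization", "value": "Bearer EXAMPLE-TOKEN-abcdef"}]}},
    {"name": "Health", "request": {"url": {"raw": "{{base_url}}/health"},
        "header": [{"key": "X-Api-Key", "value": "{{api_key}}"}]}},
    {"name": "Submit", "request": {"url": "{{base_url}}/claims", "auth": {"type": "apikey",
        "apikey": [{"key": "key", "value": "X-Api-Key"}, {"key": "in", "value": "header"},
                   {"key": "value", "value": "EXAMPLE-KEY-0123456789"}]}}}]}]})

SENSITIVE = re.compile(r"auth|token|secret|key|passw|credential|cookie", re.I)
VAR_REF = re.compile(r"^\{\{[^}]+\}\}$")        # a pure {{variable}} reference, not a literal
AUTH_META = {"in", "key", "addTokenTo", "tokenType", "grant_type"}  # auth fields that carry no secret
def _check(findings, path, location, key, value, force=False):
    # Flag literal values under sensitive-looking keys; {{var}} references are resolved elsewhere.
    if isinstance(value, str) and value and not VAR_REF.match(value):
        if force or SENSITIVE.search(key or ""):
            findings.append({"path": path, "location": location, "key": key})
def _walk(items, path, findings):
    for item in items:
        name = f"{path}/{item.get('name', '?')}"
        if "item" in item:                     # folder: recurse into its children
            _walk(item["item"], name, findings)
            continue
        req = item.get("request") or {}
        for h in req.get("header") or []:
            _check(findings, name, "header", h.get("key"), h.get("value"))
        url = req.get("url") or ""             # url is either a string or {"raw": ...}
        raw = url if isinstance(url, str) else url.get("raw", "")
        for k, v in parse_qsl(urlsplit(raw).query):
            _check(findings, name, "query", k, v)
        auth = req.get("auth") or {}
        entries = auth.get(auth.get("type", ""))   # e.g. auth["apikey"] is a list of {key, value}
        for e in entries if isinstance(entries, list) else []:
            if e.get("key") not in AUTH_META:  # skip header-name / placement metadata
                _check(findings, name, f"auth.{auth.get('type')}", e.get("key"), e.get("value"), force=True)
def find_hardcoded_secrets(collection_json):
    # Return hard-coded credential findings for an exported Postman collection given as JSON text.
    coll = json.loads(collection_json)
    findings = []
    for v in coll.get("variable") or []:       # collection-level variables with resolved values
        _check(findings, "collection", "variable", v.get("key"), v.get("value"))
    _walk(coll.get("item") or [], "", findings)
    return findings
```

The same walk applies to a Postman environment export, whose `values` list has the same key/value shape as the collection's `variable` block.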
- A public Postman workspace exposing an API collection that contained secrets and credentials belonging to multiple insurance companies. These secrets are meant for the firms' internal use only.
- A public Postman workspace mentioning the leak of an API collection that contained secrets and credentials belonging to multiple insurance companies.