Truffle Security discovered a major vulnerability in Postman, a popular API testing platform, leaking 4,000 active credentials. The exposure impacted individuals and organizations, making Postman a leading source of leaked secrets. Postman's public network, intended for developers to share APIs, inadvertently exposed credentials from 183 SaaS and cloud providers, including industry giants like AWS and GitHub.

Postman API testing platform flaw exposed over 4000 sensitive credentials

Truffle Security's investigation used TruffleHog's Postman secret scanner to identify 1,689 unique credentials from 40,000 workspaces, highlighting risks of unauthorized access and data breaches. Recommendations include reviewing workspace settings, enhancing user awareness, and utilizing TruffleHog's tool to scan for vulnerabilities, emphasizing the urgency to address potential cyber threats.