logoalt Hacker News

I Found 39 Algolia Admin Keys Exposed Across Open Source Documentation Sites

69 pointsby kernelrocksyesterday at 10:52 PM18 commentsview on HN

Comments

stickynotememoyesterday at 11:24 PM

So why hasn't the HomeAssistant docs page been nuked yet?

TechSquidTVtoday at 12:34 AM

I have been developing an OpenClaw-like agent that automates exactly this type of attack.

show 1 reply
netsharcyesterday at 11:30 PM

Man, talk about unnecessary graphs... ok graph 2 is maybe tolerable, although it's showing the popularity of the projects, not a metric of how many errors/vulnerabilities found in those projects.

I'm not a newspaper editor, but I think if this was an article for one, they'd also say the graphs are unnecessary. It smells of "I need some visual stuff to make this text interesting"...

show 2 replies
fix4funyesterday at 11:10 PM

Interesting how many people already are playing with these API keys ? ;)

toomuchtodoyesterday at 10:53 PM

Great write up. Reminder that if you commit these to a Github Gist and the provider partners with GitHub for secrets scanning, they’ll rapidly be invalidated.

show 1 reply
ClaudioAnthroptoday at 12:30 AM

[dead]

cc-dyesterday at 11:15 PM

[dead]