Updated on 2022-11-04: Beware of leaks to URLscan.io
German security firm Positive Security published a very interesting blog post this week on how security tools and online services could accidentally leak URLs for private or sensitive web pages to URLscan.io, a service integrated by many tools and websites and used to scan for malicious URLs. GitHub knows how painful this is. kek

Read more:
- urlscan.io’s SOAR spot: Chatty security tools leaking private data
- Tell HN: GitHub leaked names of private repos with pages
Overview
Positive Security warned about misconfigured software leaking sensitive records, including password reset links, PayPal invoices, DocuSign requests, and others, on urlscan[.]io.

Read more: Urlscan.io API unwittingly leaks sensitive URLs, data
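A pre-submission guard for tooling that forwards URLs to urlscan.io automatically, as an added example that is not taken from the Positive Security report or from urlscan.io. The parameter names, path keywords and the "opaque value" rule are assumptions chosen for illustration; `visibility` with the values `public`, `unlisted` and `private` is the field in the scan request body that controls who can see the result.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Heuristics below are assumptions made for this example; tune them per environment.
SENSITIVE_PARAMS = {"token", "key", "code", "sig", "signature", "auth", "session", "password"}
SENSITIVE_PATH_WORDS = ("reset", "invoice", "signing", "unsubscribe", "confirm")
OPAQUE = re.compile(r"^[A-Za-z0-9_\-]{20,}$")


def is_opaque(value: str) -> bool:
    """Long identifier mixing letters and digits, typical of bearer-style secrets."""
    return (bool(OPAQUE.match(value))
            and any(c.isdigit() for c in value)
            and any(c.isalpha() for c in value))


def sensitivity_reasons(url: str) -> list:
    """Return the reasons a URL looks like it grants access to private data."""
    parts = urlsplit(url)
    reasons = []
    if parts.username or parts.password:
        reasons.append("credentials in URL")
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS or is_opaque(value):
            reasons.append(f"query parameter {name!r}")
    for segment in filter(None, parts.path.split("/")):
        if is_opaque(segment):
            reasons.append("opaque path segment")
        elif any(word in segment.lower() for word in SENSITIVE_PATH_WORDS):
            reasons.append(f"path segment {segment!r}")
    return reasons


def build_submission(url: str, visibility: str = "private"):
    """Return the JSON body for a scan request, or None to withhold the URL."""
    if visibility not in ("public", "unlisted", "private"):
        raise ValueError("unknown visibility")
    if sensitivity_reasons(url):
        return None  # keep secret-bearing links away from the third-party scanner
    # Set visibility explicitly instead of relying on the account or integration default.
    return {"url": url, "visibility": visibility}
```

Withheld URLs can be routed to an analyst queue together with the list from `sensitivity_reasons`, so the decision is reviewable.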