API keys, clouds, tokens, security
Want to be somewhat shocked and appalled? Search ‘firstname.lastname@example.org’ in Shodan:
Helpfully you get the username, password, security tokens to use in the results:
And there are a lot of them, all from the same company, all vmware on salesforce for login. Some with ‘Ellucian’, an e-learning connector, some not.
Don’t worry, the api key, username, password, they are always the same. You don’t need to bother scraping 🙂
protip: A good way to find exposed api’s is to search for ‘apiVersion’