12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training
A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication
Stay secure online with the latest on authentication techniques, best practices, and industry updates at the forefront of information security.
Search across headline titles and summaries.
Background for this topic.
Authentication confirms the identity of users or systems before granting access to resources, typically using factors like passwords (knowledge), hardware tokens (possession), or biometrics (inherence). It establishes trust boundaries that prevent unauthorized entities from impersonating legitimate users or devices within networks and applications.
Weak authentication enables attackers to perform account takeover, privilege escalation, or lateral movement by exploiting stolen credentials, phishing, or replay attacks. Deploying multi-factor authentication (MFA) with independent factors significantly reduces these risks. Secure credential storage, regular rotation, and monitoring authentication logs for anomalies are critical defenses to detect and block unauthorized access attempts early in the attack chain.
A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication
The threat actors are exploiting non-interactive sign-ins, an authentication feature that security teams don't typically monitor.
Microsoft has fixed an issue that caused Entra ID DNS authentication failures when using the company's Seamless SSO and Microsoft Entra Connect Sync. [...]
Everyone knew texted OTPs were a dud back in 2016 Google has confirmed it will phase out the use of SMS text messages for multi-factor authentication in favor of more secure technologies.…