NHI Foundation Level Training Course Launched

Code Formatting Tools Cause Massive Credential Leaks in Enterprises

In November 2025, security researchers discovered that a code beautifier tool, used to format and clean source code, inadvertently exposed sensitive credentials from some of the world’s most sensitive organizations, including banks, government agencies, and major tech companies. The discovery underscores the unexpected risks that development tools and automation can introduce into enterprise security.

These tools, widely trusted by developers to improve code readability, were found to transmit or expose embedded secrets in source code, including passwords, API keys, and cloud credentials, to external services or temporary storage locations. The breach demonstrates how even well-intentioned developer utilities can become vectors for credential leaks.

What Happened

Developers across multiple industries use code beautifiers and formatters to automatically standardize code. However, recent analysis shows that certain tools:

  • Processed files containing hard-coded secrets without detecting them.
  • Stored or transmitted parts of code to remote servers for processing, inadvertently exposing sensitive information.
  • Failed to sanitize outputs or logs, leaving secrets in temporary or publicly accessible locations.

The breach was discovered after security researchers identified patterns of leaked credentials linked to these tools. The exposed data included credentials for cloud services, internal databases, APIs, and even secure admin panels.

In some cases, the compromised credentials belonged to banks and government agencies, highlighting how even routine developer tools can pose high-stakes security risks when handling sensitive code.

How It Happened

The leak occurred due to a combination of factors:

  1. Hard-coded secrets in source code – Developers sometimes store passwords, API keys, or tokens directly in their source files for convenience.
  2. Tool behavior – The code beautifiers analyzed, formatted, or processed these files using cloud-based services or shared environments, inadvertently transmitting sensitive information.
  3. Lack of detection – The tools did not include automatic secret detection or redaction features.
  4. Chain of trust issues – Organizations relied on trusted development tools without fully auditing their operations, assuming local processing was safe.

This situation demonstrates that non-human identities and automated tools (like beautifiers or formatters) can become unmonitored attack surfaces if not properly governed.

What Was Compromised

Exposed data includes:

  • Active Directory credentials
  • Database and cloud credentials
  • Private keys
  • Code repository tokens
  • CI/CD secrets
  • Payment gateway keys
  • API tokens
  • SSH session recordings
  • Large amounts of personally identifiable information (PII), including know-your-customer (KYC) data
  • An AWS credential set used by an international stock exchange’s Splunk SOAR system
  • Credentials for a bank exposed by an MSSP onboarding email

Even a single leaked key can give attackers lateral access to multiple systems, making this breach particularly dangerous.

Possible Impacts

The compromise of credentials through code beautifiers could have severe repercussions:

  • Unauthorized access to cloud and internal systems
  • Theft of sensitive customer or citizen data
  • Disruption of critical services or infrastructure
  • Lateral movement across corporate or government networks
  • Reputational and regulatory consequences for affected organizations

Recommendations

Organizations and developers should take immediate action to mitigate risks:

  1. Audit and rotate credentials that may have been exposed via code formatting tools.
  2. Avoid hard-coding secrets in source code; use secure vaults and environment variables.
  3. Evaluate all development tools for security practices, especially those using cloud or remote processing.
  4. Integrate automated secret scanning into CI/CD pipelines.
  5. Educate developers about the risks of using third-party utilities with sensitive code.
  6. Adopt least-privilege principles for all machine identities.

How NHI Mgmt Group Can Help

Incidents like this underscore a critical truth, Non-Human Identities (NHIs) are now at the center of modern cyber risk. OAuth tokens, AWS credentials, service accounts, and AI-driven integrations act as trusted entities inside your environment, yet they’re often the weakest link when it comes to visibility and control.

At NHI Mgmt Group, we specialize in helping organizations understand, secure, and govern their non-human identities across cloud, SaaS, and hybrid environments. Our advisory services are grounded in a risk-based methodology that drives measurable improvements in security, operational alignment, and long-term program sustainability.

We also offer the NHI Foundation Level Training Course, the world’s first structured course dedicated to Non-Human Identity Security. This course gives you the knowledge to detect, prevent, and mitigate NHI risks.

If your organization uses third-party integrations, AI agents, or machine credentials, this training isn’t optional; it’s essential.

Conclusion

The code beautifier breach is a stark reminder that even tools designed to help developers can unintentionally compromise security. With thousands of secrets at risk across banks, government agencies, and tech organizations, this incident emphasizes the importance of secrets hygiene, developer awareness, and non-human identity governance.

Organizations must treat developer tools as potential attack surfaces and implement continuous monitoring, secret management, and secure coding practices to prevent similar incidents.

#1 Authority in NHI Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs).

Get in Touch

Quick Links

Legal & Policies

©2025 NHIMG. All right reserved.