Thousands of applications have been discovered to be leaking Algolia API keys, which is how our first online security roundup begins. Companies like Lacoste, Stripe, and Slack leverage Algolia technology to build search, discovery, and recommendation features into their online, voice, and mobile applications.
1,500 apps were detected by CloudSEK researchers to be leaking Algolia API keys, 32 of which had hardcoded keys that might be used by attackers to steal or erase millions of users’ data. IP addresses, access information, and analytics data were among the data that was exposed.