Recently, security researchers have uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI packages https://pypi.org and says that more than 760 of these secrets were found to be valid. Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.
Valid credentials pose a critical and immediate threat to organizations, as