{"id":201573,"date":"2024-12-14T03:06:23","date_gmt":"2024-12-14T09:06:23","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2024\/12\/over-300k-prometheus-instances-exposed-credentials-and-api-keys-leaking-online"},"modified":"2024-12-14T03:06:23","modified_gmt":"2024-12-14T09:06:23","slug":"over-300k-prometheus-instances-exposed-credentials-and-api-keys-leaking-online","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2024\/12\/over-300k-prometheus-instances-exposed-credentials-and-api-keys-leaking-online","title":{"rendered":"Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/over-300k-prometheus-instances-exposed-credentials-and-api-keys-leaking-online.jpg\"><\/a><\/p>\n<p>As many as 296,000 <a href=\"https:\/\/prometheus.io\/docs\/guides\/node-exporter\/\" rel=\"noopener\" target=\"_blank\">Prometheus Node Exporter<\/a> instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk.<\/p>\n<p>The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed Prometheus servers has been documented previously by <a href=\"https:\/\/thehackernews.com\/2021\/10\/experts-warn-of-unprotected-prometheus.html\" rel=\"noopener\" target=\"_blank\">JFrog<\/a> in 2021 and <a href=\"https:\/\/sysdig.com\/blog\/exposed-prometheus-exploit-kubernetes-kubeconeu\/\" rel=\"noopener\" target=\"_blank\">Sysdig<\/a> in 2022.<\/p>\n<p>\u201cUnauthenticated Prometheus servers enable direct querying of internal data, potentially exposing secrets that attackers can exploit to gain an initial foothold in various organizations,\u201d the researchers said.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As many as 296,000 Prometheus Node Exporter instances and 40,300 Prometheus servers have been estimated to be publicly accessible over the internet, making them a huge attack surface that could put data and services at risk. The fact that sensitive information, such as credentials, passwords, authentication tokens, and API keys, could be leaked through internet-exposed [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[418,1492],"tags":[],"class_list":["post-201573","post","type-post","status-publish","format-standard","hentry","category-internet","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/201573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=201573"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/201573\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=201573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=201573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=201573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}