6 min read
Saved February 14, 2026
The article discusses a major security incident where 30,000 public Postman workspaces exposed sensitive information like API keys and tokens. It highlights the risks faced by various industries, real-world consequences of these leaks, and the factors leading to such vulnerabilities.
In December 2024, a major cybersecurity incident exposed sensitive information from over 30,000 public workspaces on the Postman platform, impacting various industries such as healthcare, finance, and e-commerce. CloudSEK’s TRIAD team identified this leak, which included API keys, access tokens, and user data, leaving organizations vulnerable to financial and reputational damage. The incident highlighted the risks associated with using tools designed to facilitate API development, showing how misconfigurations can lead to widespread data breaches.
The leak showed that credentials for platforms such as GitHub, Slack, and Salesforce were particularly common, with thousands of them exposed. For instance, a healthcare provider faced potential data exposure when a public workspace leaked Zendesk admin credentials, putting patient information at risk and creating HIPAA compliance problems. Similarly, multiple Razorpay API keys were found in shared workspaces, which could have enabled unauthorized transactions. These examples illustrate how developer oversights translate directly into real-world security threats.
The article points to several reasons for these leaks, primarily stemming from misunderstandings of Postman’s workspace visibility settings and the practice of storing sensitive data in plain text. Many developers inadvertently created public workspaces, not realizing their contents were accessible to anyone. In addition, insufficient use of Postman’s built-in security features and a lack of proper training on best practices contributed to the problem. The reliance on third-party vendors also posed risks, as breaches sometimes occurred not through the primary organization’s actions but through less secure partners.
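The two root causes named above, secrets stored as plain text in workspace artifacts and Postman's built-in secret handling going unused, are exactly what a check run before a collection or environment is shared should look for. The following is an added example and is not code from the article or from CloudSEK: it walks an exported Postman environment or collection JSON (the sample environment is constructed here) and reports credential-like literals, skipping variables that already use the secret variable type; the token patterns are illustrative, not a complete list.

```python
import json
import re

# Illustrative credential patterns only; not an exhaustive list (assumption of this example).
SECRET_PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{20,}\b"),
    "bearer_header": re.compile(r"^Bearer\s+\S{16,}$", re.I),
}
SECRET_KEY_HINT = re.compile(r"key|token|secret|password|auth", re.I)

def classify(key, value):
    """Label a key/value pair as a plaintext-credential finding, or None if benign."""
    if not isinstance(value, str) or not value or value.startswith("{{"):
        return None  # empty, or a {{variable}} reference rather than a literal
    for name, pat in SECRET_PATTERNS.items():
        if pat.search(value):
            return name
    if SECRET_KEY_HINT.search(key or "") and len(value) >= 12:
        return "secret_like_key"
    return None

def scan_postman_json(node, path="$"):
    """Walk an exported environment or collection; return (path, key, label) findings.
    Both export formats store literals as objects with "key" and "value" fields
    (environment "values", collection "variable", request "header", ...)."""
    findings = []
    if isinstance(node, dict):
        # Variables already using Postman's "secret" type are skipped so the report
        # lists only literals that were left as plain text.
        if "key" in node and "value" in node and node.get("type") != "secret":
            label = classify(node["key"], node["value"])
            if label:
                findings.append((path, node["key"], label))
        for k, v in node.items():
            findings += scan_postman_json(v, f"{path}.{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            findings += scan_postman_json(v, f"{path}[{i}]")
    return findings

# Constructed sample environment export: one plain-text token, one secret-typed, one benign.
SAMPLE_ENV = json.loads("""{"name": "prod", "values": [
  {"key": "zendesk_api_token", "value": "ZD-EXAMPLE-TOKEN-0123456789", "type": "default", "enabled": true},
  {"key": "razorpay_key_secret", "value": "rzp_example_secret_value", "type": "secret", "enabled": true},
  {"key": "base_url", "value": "https://api.example.com", "type": "default", "enabled": true}]}""")

for path, key, label in scan_postman_json(SAMPLE_ENV):
    print(f"{label:16} {key:22} at {path}")  # prints the zendesk_api_token finding only
```

Running this over every exported environment and collection in CI, before a workspace's visibility is changed, turns the visibility misunderstanding described above into a blocked pipeline rather than a public leak.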