A formatter leak that should change how you pick tools

In late November 2025, security firm watchTowr published a disclosure about two of the most popular online JSON formatter sites — jsonformatter.org and codebeautify.org. Both offered a "Recent Links" feature that let users share formatted output with a teammate. The URLs were predictable, which meant the saved content was effectively reachable to anyone who guessed the URL pattern.

Per the watchTowr report, the result was over 80,000 saved snippets, totaling 5 GB+ of data, sitting on the public internet without authentication. The content that researchers were able to retrieve included:

Active Directory credentials

Cloud access keys (AWS / Azure / GCP)