We used NerdyData's Custom Reporting tool and identified 757 distinct Secret or restricted Stripe API Keys across 1,056 unique domains.
Stripe Stripe API Keys are what power Stripe's e-commerce platform and give access to export customer data, business subscription data, and even charge customers. This can lead to security vulnerabilities and data breaches if the keys are not properly protected.
NerdyData's Custom Reporting product scans over 2.4 billion webpages, across 38 million registered domain names. With these custom reports, we are able to analyze and extract any HTML code that matches a particular search term.
In this case, we scanned for Stripe Payment Links using a regular expression that matches sk_live_ (full access secret keys) or rk_live_ (restricted permission keys). We were able to extract which URLs these keys were used on.
Below are obfuscated samples of the data we extracted of exposed API keys. If you have questions about the data, feel free to reach out to our team at support@nerdydata.com
Exposed Stripe API Keys (Sample Data)