Hello! It's of utmost importance that you invalidate your API keys.
I was doing security research and was able to find API keys in numerous repositories. For most of them they are for non-paid subscriptions, so it's not as damaging as your keys. I was able to check your ElevenLabs key and found by your subscription type that you are a creator-tier user, and someone could use your key and even spend your credits. Please invalidate the mentioned API key and, probably, the OpenAI API key too.
Sorry for bringing it to the public domain through the issues; you are free to hide/delete it, if possible.
I'm an independent researcher and am not in any way connected to ElevenLabs and/or OpenAI. I'd also like to recommend that you leave some contact info somewhere at the bottom for your open-source projects. An e-mail would suffice, so that any good Samaritan can contact you about a security breach not in the public field.
To prevent this issue from happening again you can fix your .gitignore. I see a row with "env" here; it probably should be ".env", or both, depending on settings.
P.S.
The code I used to check for subscription info:
pod/.env
Lines 1 to 2 in 9a13958
Don't worry, this does not use your credits at all.
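The `.gitignore` point raised in the issue can be checked with git itself. The following is an added example, not part of the original issue or of the repository's code: it builds throwaway repositories with `mktemp`, and the function names and the placeholder `.env` contents are assumptions made for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: which .gitignore pattern actually covers a .env file,
# and why fixing .gitignore alone does not untrack a file already added.

# Prints "ignored" or "NOT ignored" for .env, given the .gitignore
# patterns passed as arguments (one pattern per argument).
env_ignored_with() {
    local repo result
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    printf '%s\n' "$@" > "$repo/.gitignore"
    # Constructed placeholder content, not a real credential.
    printf 'EXAMPLE_API_KEY=placeholder-not-a-real-key\n' > "$repo/.env"
    if git -C "$repo" check-ignore -q .env; then
        result="ignored"
    else
        result="NOT ignored"
    fi
    rm -rf "$repo"
    printf '%s\n' "$result"
}

# A file that is already in the index stays tracked after .gitignore is
# corrected; it has to be removed from the index explicitly.
tracked_after_ignore() {
    local repo before after
    repo=$(mktemp -d) || return 1
    git -C "$repo" init -q
    printf 'EXAMPLE_API_KEY=placeholder-not-a-real-key\n' > "$repo/.env"
    git -C "$repo" add .env                   # the original mistake
    printf '.env\n' > "$repo/.gitignore"      # the corrected pattern
    before=untracked
    [ -n "$(git -C "$repo" ls-files -- .env)" ] && before=tracked
    git -C "$repo" rm --cached -q -- .env     # drop from index, keep on disk
    after=untracked
    [ -n "$(git -C "$repo" ls-files -- .env)" ] && after=tracked
    rm -rf "$repo"
    printf 'before=%s after=%s\n' "$before" "$after"
}

echo "pattern 'env':  $(env_ignored_with env)"
echo "pattern '.env': $(env_ignored_with .env)"
echo "index state:    $(tracked_after_ignore)"
```

Removing the file from the index does not remove it from earlier commits, so the keys still have to be invalidated as the issue asks.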