API Key Exposure in NASA GitHub Repository Leads to Unauthorized Access to Academic Data
Summary
A report published on 27th December highlights a security issue for NASA, after a NASA Jupyter notebook was discovered to have a hardcoded API key allowing access to Elsevier’s Scopus academic search service.
The notebook in question is designed to help users browse and download full papers and was available on NASA’s public GitHub repository.
With the API key publicly available, anyone could have accessed the academic content, including paper titles, author names and institutional affiliations, between July 2021 and September 2022, potentially leading to abuse of licensed services.
NASA acted swiftly upon discovery of the problem, with the key revoked and the repository updated to remove the danger.
This acts as a timely reminder for organisations to ensure appropriate security protocols are in place for any API initiatives they run.
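One way to catch this class of mistake before a notebook is published is to scan the .ipynb file for key-like literals. The sketch below is an added example, not code from NASA's repository or from the report. It goes slightly beyond the case described by also checking saved cell outputs, where a key printed at run time stays in the file. The matching heuristic, the sample notebook, the placeholder key and the `EXAMPLE_API_KEY` variable name are all assumptions constructed for illustration.

```python
import json
import re

# Heuristic (an assumption, not a vendor-specific key format): a name containing
# api_key/token/secret followed by ':' or '=' and a quoted literal of 16+ characters.
ASSIGNMENT = re.compile(
    r"""\b(\w*(?:api_?key|token|secret)\w*)["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""",
    re.IGNORECASE,
)

def scan_notebook(nb_json):
    """Return (cell_index, location, name, redacted_value) per suspected hardcoded secret."""
    findings = []
    nb = json.loads(nb_json)
    for idx, cell in enumerate(nb.get("cells", [])):
        if cell.get("cell_type") != "code":
            continue
        # "source" and "text" may each be a string or a list of strings; join handles both.
        texts = [("source", "".join(cell.get("source", [])))]
        for out in cell.get("outputs", []):
            # Stream outputs hold printed text that is saved with the notebook.
            texts.append(("output", "".join(out.get("text", []))))
        for location, text in texts:
            for m in ASSIGNMENT.finditer(text):
                # Redact the value so the report does not leak the key a second time.
                findings.append((idx, location, m.group(1), m.group(2)[:4] + "..."))
    return findings

# Constructed sample notebook (nbformat 4 layout); the key is a made-up placeholder.
FAKE_KEY = "0123456789abcdef0123456789abcdef"
SAMPLE = json.dumps({"nbformat": 4, "cells": [
    {"cell_type": "markdown", "source": ["# Paper search demo"]},
    # Hardcoded literal in the code itself: should be flagged.
    {"cell_type": "code", "source": ['API_KEY = "%s"\n' % FAKE_KEY], "outputs": []},
    # Key read from the environment (not flagged), but echoed into a saved output (flagged).
    {"cell_type": "code",
     "source": ['API_KEY = os.environ["EXAMPLE_API_KEY"]\n', "print(params)"],
     "outputs": [{"output_type": "stream", "name": "stdout",
                  "text": ["{'apiKey': '%s'}\n" % FAKE_KEY]}]},
]})

if __name__ == "__main__":
    for finding in scan_notebook(SAMPLE):
        print(finding)
```

A finding on a key that has already been pushed means the key should be revoked, as NASA did, since removing it from the latest commit leaves it in the repository history.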