A study led by Nurullah Demir from Stanford University analyzed 10 million websites and identified 1,748 exposed API credentials from providers like Amazon Web Services and Stripe. These credentials, often found in JavaScript files, can allow unauthorized access to sensitive resources. Notably, some had been public for up to several years. The team recommends developers scan live site versions and improve automated detection systems to prevent such leaks in the future.