Why Experts Are Rethinking Token Security and API Keys
ITProToday, Tuesday, August 5th, 2025
Exposed API keys are enabling sophisticated cyber-attacks, with organizations struggling to implement effective key management while infostealers quietly exfiltrate credentials to the dark web.
The cybersecurity practices of third-party vendors are increasingly having knock-on effects on organizations. A recent attack on the U.S. Treasury Department, within its Office of Foreign Assets Control (OFAC) and the Office of the Secretary, was conducted through an exposed API key belonging to a software contractor serving the department.
This inside view could lead to espionage designed to uncover sanctions planning and high-level government strategy. For companies facing similar cyberattacks, the stakes are still high. Microsoft reported $3.5 billion in losses in 2024.