AdrianBonpin / usc-biyahe


[Urgent] Password Leak #1

Closed Luzefiru closed 1 month ago

Luzefiru commented 10 months ago

What?

Your email account used to send emails has its email & password in plaintext and can be breached by hackers. I was able to use the account without any hassle.

```js
const
    email = 'uscbiyahe@gmail.com',
    password = 'uscbiyahePa55' // CAUTION!

const transporter = mail.createTransport({
    host: 'smtp.google.com',
    port: 465,
    secure: true,
    auth: {
        type: 'OAUTH2',
        user: email,
        pass: password,
    }
})
```

Please review this specific line of code here.

Why?

You're probably not using secrets in your application, which leads to exposure of sensitive credentials. If you deploy this online, store your secrets inside the cloud host's Secrets/Environment Variable settings and access them with the process.env global object.

If you don't, hackers acting in ill will can easily breach your accounts.

References

I recommend watching this video: How to Use Environment Files (.env) in Node.js - Tutorial (dotenv) for more information on how to protect your data.

Next.js has an Environment Variable manager in their console as well, see this video: Keeping Your Data Secure: Environment Variables in NextJS / React for more information.

Going Forward

🚨 CHANGE YOUR PASSWORD 🚨

This repository is as good as breached as anyone can check the version history. Try to revert the commit history to the point before you added the credentials and force push to your origin branch after overwriting it.

Or even simpler, delete this repository and create a new one, without any breached credentials. The downside of this is that you lose your commit history and branches.

You should probably look into these things and test them in other repositories before doing it here.

Stay safe out there! 🙂
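The fix the issue asks for, as an added example that is not the repository's code: the same transporter config built from environment variables instead of string literals, failing fast when a secret is missing, plus a small check that flags password-like literals in source before they get committed. The variable names SMTP_HOST, SMTP_USER and SMTP_PASS are assumptions; nodemailer itself is not required so the helpers run stand-alone.

```javascript
// Added example (not the project's code). Secrets are read from the
// environment (set by the host's secret manager or loaded from an
// untracked .env file); none of them appear in source.
const REQUIRED = ['SMTP_HOST', 'SMTP_USER', 'SMTP_PASS']; // assumed names

function loadTransportConfig(env = process.env) {
  // Validate at startup rather than at the first send attempt.
  const missing = REQUIRED.filter((k) => !env[k] || env[k].trim() === '');
  if (missing.length > 0) {
    throw new Error(`missing required secrets: ${missing.join(', ')}`);
  }
  // Same shape as the config passed to createTransport in the issue.
  return {
    host: env.SMTP_HOST,
    port: Number(env.SMTP_PORT || 465),
    secure: true,
    auth: { user: env.SMTP_USER, pass: env.SMTP_PASS },
  };
}

// Mask the secret before a config object reaches any log line.
function redactConfig(cfg) {
  return { ...cfg, auth: { ...cfg.auth, pass: '***' } };
}

// Pre-commit style check: a string literal assigned to a password-like key.
// References such as `pass: process.env.SMTP_PASS` do not match.
const HARDCODED_RE = /\b(pass|password|secret|apiKey|token)\s*[:=]\s*['"`][^'"`]+['"`]/i;

function containsHardcodedSecret(source) {
  return HARDCODED_RE.test(source);
}
```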

AdrianBonpin commented 10 months ago

It's a throwaway account, no worry, but I'll remove it again hahaha