AhmadMkhlalati7 / Dubbing-AI

Dubbing AI

API key exposed #1

Closed agi1512 closed 1 month ago

agi1512 commented 1 month ago

https://github.com/AhmadMkhlalati7/Dubbing-AI/blob/6ca3389390346fec7745083ca96f7e6769d29d85/.env#L1

Hello! It's important that you invalidate your API key.

I was doing security research and was able to find API keys in numerous repositories. Most of them are for non-paid subscriptions, so it's not as damaging as for paid users, but you probably don't want anyone to spend your free credits. I was able to check your ElevenLabs key to find out about the subscription tier, so it's open for anyone to just find it through GitHub search and use your credits. Please invalidate the mentioned API key; other API keys probably need invalidating too, if there are any in the commits.

Sorry for bringing it to the public domain through the issues; you are free to hide/delete it, if possible.

I'm an independent researcher and am not in any way connected to ElevenLabs. I'd also like to recommend that you leave some contact info somewhere at the bottom for your open-source projects. An e-mail would suffice, so that any good Samaritan can contact you about a security breach outside the public field.

To prevent this issue from happening again you can fix your git setup. I see a row with ".env" here; it should work, but it seems that you accidentally added .env before adding it to .gitignore, so it needs to be manually deleted.

P.S. The code I used to check for subscription info:

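import os
from elevenlabs.client import ElevenLabs

# The key under test; reading it from this environment variable is an assumption.
key = os.environ["ELEVENLABS_API_KEY"]
client = ElevenLabs(api_key=key)
# Read-only call that returns the subscription details tied to the key
print(client.user.get_subscription().__dict__)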

Don't worry, this does not use your credits at all.
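The situation described in this issue, a `.env` committed before its `.gitignore` rule existed so that Git keeps tracking it, can be checked for with stock Git commands. The shell functions below are an added example, not code from the thread or the repository; the function names are hypothetical. Untracking the file does not remove it from earlier commits, so the key still has to be invalidated.

```shell
#!/bin/sh
# Added example: audit a repository for files that are tracked even though
# a .gitignore rule matches them (e.g. a .env committed before the rule).
# Function names are illustrative, not part of any project.
# Usage: sh audit.sh /path/to/repo

# Print tracked files that match an ignore rule.
tracked_but_ignored() {
    git -C "$1" ls-files --cached --ignored --exclude-standard
}

# Print the hash of every commit, on any ref, that touched the path.
# A non-empty result means the content is still recoverable from history.
commits_touching() {
    git -C "$1" log --all --format=%H -- "$2"
}

# Stop tracking the path while keeping the local working copy.
# The change still has to be committed afterwards.
untrack() {
    git -C "$1" rm --cached --quiet -- "$2"
}

# Report every tracked-but-ignored file; return 1 if any is found.
audit_repo() {
    repo=$1
    leaked=$(tracked_but_ignored "$repo")
    if [ -z "$leaked" ]; then
        echo "ok: no ignored files are tracked"
        return 0
    fi
    echo "$leaked" | while IFS= read -r path; do
        n=$(commits_touching "$repo" "$path" | wc -l | tr -d ' ')
        echo "TRACKED-BUT-IGNORED: $path (touched by $n commit(s))"
        echo "  rotate any secret it held, then untrack it"
    done
    return 1
}

if [ $# -gt 0 ]; then
    audit_repo "$1"
fi
```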

AhmadMkhlalati7 commented 1 month ago

I appreciate the heads-up, but I’m aware of this, and it’s an invalid key. Thanks for your concern! 🤠