VikramAditya144 / Storing-Large-PDF-Pinecone

In this I have converted the whole book PDF into small chunks, converted them into embeddings, and stored them in the Pinecone DB.

API keys exposed #1

Open agi1512 opened 1 month ago

agi1512 commented 1 month ago

https://github.com/VikramAditya144/Storing-Large-PDF-Pinecone/blob/bea515faeffe6e284adae7485df83397836b03b6/.env#L1-L4

Hello! It's important that you invalidate your API keys.

I was doing security research and was able to find API keys in numerous repositories. For most of them they are for non-paid subscriptions, so it's not as damaging as for paid users, but you probably don't want anyone to spend your free credits. I was able to check your ElevenLabs key to find out the subscription tier, so it's open for anyone to just find it through GitHub search and use your credits. Please invalidate the mentioned API key; the other API keys probably need invalidating too, if there are any.

Sorry for bringing it into the public domain through the issues; you are free to hide/delete it, if possible.

I'm an independent researcher and am not in any way connected to ElevenLabs. I'd also like to recommend that you leave some contact info somewhere at the bottom of your open-source projects. An e-mail would suffice, so that any good samaritan can contact you about a security breach outside the public field.

To prevent this from happening again you can fix your .gitignore: manually delete the file from the repository and then add it to .gitignore (https://git-scm.com/docs/gitignore).

P.S. the code I used to check for subscription info:

import os
from elevenlabs.client import ElevenLabs

# the key is read from the environment instead of being pasted into the script
key = os.environ["ELEVENLABS_API_KEY"]
client = ElevenLabs(api_key=key)
# read-only call that returns the account's subscription details
print(client.user.get_subscription().__dict__)

Don't worry, this does not use your credits at all.
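As an added example (not the commenter's code and not part of this repository), here is a small Python pre-commit-style check for the situation above: it flags secret-looking assignments in a .env file and verifies that .gitignore covers the file. The variable names, values and .gitignore contents are constructed, and the .gitignore matcher is a deliberate simplification of git's real semantics.

```python
import re
from fnmatch import fnmatch

# Constructed sample .env (hypothetical variable names, obviously fake values),
# shaped like the committed file the issue links to.
SAMPLE_ENV = """\
# local config
PINECONE_API_KEY=pcsk_EXAMPLE_0000000000000000
ELEVENLABS_API_KEY="sk_example_1111111111111111"
OPENAI_API_KEY=
DEBUG=true
"""
# Constructed .gitignore before the fix (does not cover .env) and after it.
GITIGNORE_BEFORE = "__pycache__/\n*.pyc\n"
GITIGNORE_AFTER = GITIGNORE_BEFORE + ".env\n"
SECRET_NAME = re.compile(r"KEY|TOKEN|SECRET|PASSWORD", re.I)

def find_secret_assignments(env_text):
    """Names of .env variables that look like secrets and carry a non-empty value."""
    found = []
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if SECRET_NAME.search(name) and value.strip().strip("\"'"):
            found.append(name.strip())
    return found

def is_ignored(path, gitignore_text):
    """Simplified .gitignore matcher: plain names, globs and '!' negation,
    matched against the basename or the full path; last matching rule wins."""
    ignored = False
    basename = path.rsplit("/", 1)[-1]
    for raw in gitignore_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith("#"):
            continue
        pattern = rule.lstrip("!").rstrip("/")
        if fnmatch(basename, pattern) or fnmatch(path, pattern):
            ignored = not rule.startswith("!")
    return ignored

def precommit_check(env_text, gitignore_text, env_path=".env"):
    """Gate a commit: block when .env carries secrets and is not ignored.
    (Ignoring the file does not scrub history; an already-pushed key must be rotated.)"""
    secrets = find_secret_assignments(env_text)
    blocked = bool(secrets) and not is_ignored(env_path, gitignore_text)
    return (not blocked), secrets
```

Ignoring the file only stops future commits; a key that was already pushed stays in the history and must be invalidated, as the issue says.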

VikramAditya144 commented 1 month ago

Thank you so much for letting me know; I really appreciate your efforts. I did that by mistake. I really have some cool ideas which we can build with GenAI. If you are interested then please let me know. I would love to work with you.

From: Vladimir Korshunov. Sent: Monday, October 7, 2024 1:27:23 AM. To: VikramAditya144/Storing-Large-PDF-Pinecone. Subject: [VikramAditya144/Storing-Large-PDF-Pinecone] API keys exposed (Issue #1)