Cross-industryData LeakageSearch / RAGHigh

Common Crawl December 2024 dump exposes 12,000 live API keys and passwords

A security analysis of the Common Crawl December 2024 archive revealed thousands of live secrets. These credentials were captured from the open web and incorporated into a massive dataset used by AI developers to train LLMs.

Common Crawl · Incident Dec 1, 2024 · Indexed Jun 5, 2026 · 2 sources

The lack of secret scrubbing in public web archives allows live credentials to seep directly into AI training sets.

Key facts

What
A security analysis of the Common Crawl December 2024 archive revealed thousands of live secrets.
Incident date
Dec 1, 2024
Who
Common Crawl
Failure mode
Data Leakage
AI surface
Search / RAG
Severity
High

What happened

Security researchers from Truffle Security scanned the December 2024 Common Crawl dataset and discovered approximately 12,000 valid, live secrets. These secrets, which included AWS and Slack tokens, were inadvertently collected during the web crawling process. The dataset is widely used to train large language models, including DeepSeek.

What broke inside the model

Failure path · mode profile · Data Leakage
  1. 01 · TriggerA request triggers retrieval or context loading.
  2. 02 · Model stepThe context pulls in another user's content.
  3. 03 · Control gapNo boundary enforces isolation at the moment of output.
  4. 04 · FailurePrivate data crosses into the response.
  5. 05 · ConsequenceOne user sees another's data, and disclosure follows.

One user's content crosses the retrieval boundary into another's response.

The automated web crawling mechanism failed to scrub or filter sensitive secrets from public web pages before they were archived. This allowed hardcoded credentials to be ingested directly into the public training dataset.

What it cost

Public visibilityHigh
Regulatory exposurePossible
Customer impactMany customers
Financial impactUnknown
Time to disclosureDays

Sources

  1. PressResearch finds 12000 'Live' API Keys and Passwords in DeepSeek's Training Datatrufflesecurity.com
  2. Press12,000 API Keys and Passwords Exposed in AI Training Datapointguardai.com

Cite this entry

Permalinkhttps://failureindex.ai/failures/common-crawl-december-2024-dump-exposes
CitationAI Failure Index. "Common Crawl December 2024 dump exposes 12,000 live API keys and passwords" (FI-0312). Realm Labs. https://failureindex.ai/failures/common-crawl-december-2024-dump-exposes (indexed Jun 5, 2026).
Share cardA branded image of this record for posts and slides.

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0312. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm can detect when a response is about to emit data that falls outside the bounds of the current user and context, and block or redact it inline, at the moment of generation rather than after the data has left.

Book a Demo

Related failures

Other records that share this failure mode (Data Leakage) or industry (Cross-industry).

FI-0501Cross-industryMedium
Hallucination

KPMG pulls AI report after organizations dispute claims

KPMG withdrew its "Total Experience: Redefining Excellence in the Age of Agentic AI" report after several organizations stated the claims about their AI usage were untrue. Research by GPTZero revealed that the majority of the report's citations were AI-generated hallucinations.

Confidence
High (multi-source, primary)
KPMG3 sourcesPrimaryPublicJun 2026
FI-0576Cross-industryMedium
Brand & Safety Incident

Reddit ads used deepfake news and cloned sites to promote AI investment scams

Reddit failed to prevent a series of sponsored ads that used deepfakes and cloned websites to impersonate news outlets like the BBC and The Guardian. These ads promoted fraudulent AI investment platforms, targeting users in the US and Europe.

Confidence
High (multi-source, primary)
Reddit3 sourcesPrimaryPublicJun 2026
FI-0502Cross-industryMedium
Hallucination

EY retracts loyalty rewards report after AI hallucinations and fake footnotes discovered

EY withdrew a cybersecurity report on loyalty rewards programs after researchers found it contained fabricated data and non-existent citations. The report was used by EY Canada for marketing purposes but was retracted once the AI-generated errors were exposed.

Confidence
Medium (multi-source)
EY3 sourcesPressPublicMay 2026