OptimEyes.ai leak
Creating a Single Source of Truth Using an AI-Powered Common Control Framework
OptimEyes ingests data from multiple risk sources to create an aggregated, near real-time enterprise wide view of risk. Our flexible solutions cover each client’s risk priorities, including cyber, data privacy, ESG and compliance risk.

What is inside, you might ask? Well, luckily for all those “journalists” who will report about it, there is a readme file. Easy-mode!
meow :3 get fukkkkd ^v^
contents:
- (almost?) all git repos
- git credentials in git configs in case u find any other repo names
- lots of config files with credentials n shit
- s3 buckets containing:
- customer network inventories + vuln scans
- their genius ml models that couldnt prevent this attack
- multiple database backups
- sftp private keys
- idk a shitton of other stuff
note: s3.optimeyes.ai sync is very incomplete
Size: 67GB
Magnet link:
magnet:?xt=urn:btih:03386cd3a22b094cd830853b6577a3197b55225f&dn=optimeyes%20dump%202023
Yeah, it’s really really bad.
jwt.secret=jwtOptimeyesaiSecretKey
aws.accessKeyId=AKIAXVF7DYV5MIQ7OOPW
aws.secretKey=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
aws.secretName =secretMYsqlAdminUser
aws.region =us-west-2
##### AWS ACCESS CONFIG #####
gkz.aws.access_key_id=AKIAXVF7DYV5LPKYITP4
gkz.aws.secret_access_key=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
gkz.s3.bucket=s3.optimeyes.ai
gkz.s3.region=us-west-2
String ACCESS_KEY = "AKIAXVF7DYV5LCMAMG67";
String SECRET_ACCESS_KEY = "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";
credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_ACCESS_KEY);
amazonS3Client = new AmazonS3Client(credentials);
boot.admin.client.username: admin
boot.admin.client.password: OpenSpace
[remote "origin"]
url = https://karanopti:ATBBvM5rnUMkcyW66JTymb8pSSTpA4373467@bitbucket.org/PramodNayak123/eureka-admin.git
fetch = +refs/heads/*:refs/remotes/origin/*
Looks like a legit and complete source code leak of all OptimEyes components. My professional security assessment is that a rebrand is in order, as soon as possible.
Complete listing:
|-- git
| |-- account-assessment-services.zip
| |-- apigateway.zip
| |-- apitest_itrisk.zip
| |-- archer-service.zip
| |-- audittrailapi.zip
| |-- automation-scripts.zip
| |-- ccf-service.zip
| |-- commonconfigapi.zip
| |-- cyber-services.zip
| |-- emailapi.zip
| |-- eureka-admin.zip
| |-- eureka_server.zip
| |-- it_risk_service.zip
| |-- optimeyes_ms_ajs.zip
| |-- privacy_service.zip
| |-- rbacservice.zip
| |-- subscriptionapi.zip
| |-- subsidiary_service.zip
| |-- user_management.zip
|-- readme
`-- s3-buckets
|-- aiml.optimeyes.ai.zip
|-- altria-qualys-data.zip
|-- grainger-rapid7-data.zip
|-- optimeyes-backup.zip
|-- optimeyes-cft.zip
|-- s3.optimeyes.ai.zip
|-- sftp.bucket.optimeyes.ai.zip
`-- sftp.optimeyes.ai.zip
Enjoy!