Api Token Leaked in [shoppers.shipt.com]

A researcher reported an API key stored in source code that was part of a 3rd party knowledge base integration. The Shipt information security team immediately investigated the report and determined that the API key referenced was a legacy token that was no longer being used. While it didn't present any security risk and there was no way for this key to be exploited in any way, Shipt's engineering team proceeded to remove the key from source as a clean up task. The change was deployed and the researcher verified the issue was remediated.