I found a leaked Sentry.io URL containing HTTP basic auth credentials. Both credentials look like random hashes.
https://4c9184f37cff01bcdc32dc486ec36961:email@example.com/164231 (not actually the URL)
According to the documentation, the secret key is used for session signing and it must be kept a secret. However, I’m unable to find any documentation about how the key is actually used. Does anyone know how to exploit the leaked key?