{"id":39429,"date":"2025-06-24T10:29:34","date_gmt":"2025-06-24T04:59:34","guid":{"rendered":"https:\/\/www.getastra.com\/blog\/?p=39429"},"modified":"2025-06-24T11:52:56","modified_gmt":"2025-06-24T06:22:56","slug":"what-the-16-billion-credentials-leak-really-means-and-why-its-not-a-new-breach","status":"publish","type":"post","link":"https:\/\/www.getastra.com\/blog\/knowledge-base\/what-the-16-billion-credentials-leak-really-means-and-why-its-not-a-new-breach\/","title":{"rendered":"What the 16 Billion Credentials Leak Really Means (And Why It\u2019s Not a New Breach)"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Another breach? Not quite.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">You\u2019ve probably seen the headlines: \u201c16 billion passwords leaked in the largest breach ever.\u201d It sounds like a cybersecurity doomsday event. Media outlets ran with it. Even seasoned security leaders reposted it in alarm.<br><br>Here\u2019s the truth: <strong>this isn\u2019t a fresh breach. <\/strong>No, Google, Meta, and Apple weren\u2019t hacked.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What actually happened is that a massive trove of previously stolen credentials was released. Collected over the years through infostealer malware, dark web marketplaces, and public breach dumps, was compiled into one organized, searchable file. It\u2019s not new data, but the way it\u2019s been packaged makes it newly dangerous.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">These credentials are developer logins, SaaS administration panels, cloud consoles, and browser tokens that remain active in your environment.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Was_The_Leak\"><\/span><strong>What Was The Leak?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A single incident did not cause this hack; rather, it was a culmination of years of stolen data, scraped from the dark web, stolen logs, and malware-infected systems. It is organized, indexed, and frighteningly current.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">However, the real problem lies in the <strong>system that made this leak inevitable.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Credential leaks like this are no longer flukes or freak incidents. They\u2019re the natural byproduct of a toxic cycle that runs silently underneath the internet: one where malware harvests credentials at scale, attackers automate their use, and security teams keep playing catch-up.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">What\u2019s worse? Many of these leaked credentials belong not to individuals but to <strong>enterprise accounts<\/strong>. Tools used by developers. Sessions are used by engineers. Admin panels forgotten in staging. In 2025, <strong>stolen credentials are a supply chain threat.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Let\u2019s decode why this cycle keeps repeating and what security teams can <em>actually<\/em> do to break it.<\/p>\n\n\n<style>\n.newctaWrapper{\n  background-color: #f8f2e4; \n  padding: 40px;\n  border-radius: 10px;\n  margin: 20px 0px; \n}\n\n.ctaHead{\n  display: flex;\n  align-items: center;\n  grid-gap: 1rem;\n}\n\n.newctaHeading{\n  font-size: 36px;\n  font-weight: 600;\n  line-height: 1.1;\n  margin-bottom: 0px;\n  color: #403F3E;\n}\n\n.spanBold{\n  color: #164DB3;\n  font-weight: 700;\n}\n\n.ctaOne{\n  text-decoration: none;\n  background-color: #2F76F8;\n  color: #ffffff!important;\n  padding: 10px 25px;\n  border-radius: 6px;\n  font-weight: 600;\n}\n\n.ctaOne:hover{\n  color:#fff;\n}\n\n.ctaTwo{\n  text-decoration: none;\n  background-color: #24BC94;\n  color: #ffffff!important;\n  padding: 10px 25px;\n  border-radius: 6px;\n  font-weight: 600;\n}\n\n.ctaTwo:hover{\n  color:#fff;\n}\n\n.ctaBody{\n  display: flex;\n  align-items: flex-end;\n  grid-gap: 1rem;\n  font-weight: 500;\n  color: #403F3E;\n}\n\n.ctoImg{\n  height: 344px; \n  width: 300px;\n}\n\n@media(max-width: 768px){\n\n}\n\n@media(max-width: 576px){\n  .ctaBody{\n    flex-direction: column;\n  }\n\n  .ctoImg{\n     display: none;\n  }\n}\n<\/style>\n\n<div class=\"newctaWrapper\">\n  <div class=\"ctaHead\">\n    <img loading=\"lazy\" decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/ceb80994-shield.png\" height=\"74\" width=\"70\" alt=\"shield\" \/>\n    <p class=\"newctaHeading\">Why is Astra Vulnerability Scanner the Best Scanner?\n\n<\/p>\n  <\/div>\n\n  <div class=\"ctaBody\">\n   <div>\n    <ul style=\"margin: 40px 0px 40px 20px;\">\n      <li>We\u2019re the only company that\u00a0<span class=\"spanBold\">combines automated &#038; manual pentest<\/span>\u00a0to create a one-of-a-kind pentest platform.<\/li>\n      <li>Vetted scans ensure<span class=\"spanBold\">\u00a0zero false positives.<\/span><\/li>\n      <li>Our intelligent <span class=\"spanBold\">vulnerability scanner emulates hacker behavior<\/span>\u00a0&#038; evolves with every pentest.<\/li>\n      <li>Astra\u2019s scanner helps you shift left by integrating with your CI\/CD.<\/li>\n      <li>Our platform helps you\u00a0<span class=\"spanBold\">uncover, manage &#038; fix<\/span>\u00a0vulnerabilities in one place.<\/li>\n      <li>Trusted by the brands\u00a0<span class=\"spanBold\">you trust<\/span>\u00a0like Agora, Spicejet, Muthoot, Dream11, etc.<\/li>\n    <\/ul>\n    <div class=\"ctaHead\">\n      <a href=\"\/contact-us\" class=\"ctaOne\" target=\"_blank\" rel=\"noopener\">Let\u2019s Talk<\/a>\n      <a href=\"\/pricing\" class=\"ctaTwo\" target=\"_blank\" rel=\"noopener\">Get Started<\/a>\n    <\/div>\n   <\/div>\n   <div>\n    <img decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/08\/b262d665-cto.png\" height: \"344\" width\"320\" alt=\"cto\" class=\"ctoImg\" \/>\n   <\/div>\n  <\/div>\n  \n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_Old_Breaches_Keep_Fueling_New_Attacks\"><\/span><strong>How Old Breaches Keep Fueling New Attacks<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Credential leaks age like uranium, not fruit.<\/strong> Even years-old data can still be toxic to organizations when used the right way (or the wrong way). Infostealer malware, such as RedLine, Raccoon, and Vidar, doesn\u2019t care when the credentials were stolen. They care that they work.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s how this cycle keeps attacking companies long after the original <a href=\"https:\/\/www.getastra.com\/blog\/security-audit\/biggest-data-breaches\/\">breach<\/a>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Infostealers infect personal and corporate machines<\/strong>, quietly harvesting login credentials, session cookies, and autofill data.<br><\/li>\n\n\n\n<li>The logs are dumped, sold, or traded across dark web forums. Over time, they accumulate into massive archives, like the one making headlines now.<br><\/li>\n\n\n\n<li>Attackers use automation tools to <strong>scan these dumps for corporate domains, staging environments, dev tools, and cloud dashboards<\/strong>.<br><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">These aren\u2019t theoretical risks. This is happening every day in genuine attack chains.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">And what makes this cycle more dangerous now than ever before is <strong>the combination of scale and automation<\/strong>. A single archive with billions of credentials becomes an attack surface map when paired with scripting, password spraying tools, and credential validators.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>It\u2019s not about what was breached. <\/strong>It\u2019s about what was stolen years ago, is still exploitable today, and how threat actors are operationalizing that legacy exposure in real-time.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_This_Is_No_Longer_Just_a_Consumer_Problem\"><\/span><strong>Why This Is No Longer Just a Consumer Problem<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The leaked credentials in this breach extend far beyond social accounts. They include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Access tokens<\/strong> from browser sessions<br><\/li>\n\n\n\n<li><strong>Developer credentials<\/strong> for GitHub, AWS, and CI\/CD tools<br><\/li>\n\n\n\n<li><strong>Admin logins<\/strong> to SaaS dashboards, staging servers, and control panels<br><\/li>\n\n\n\n<li><strong>Cookies<\/strong> that keep sessions active, long after MFA was passed<br><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">This isn\u2019t just about individuals getting phished; it\u2019s about <strong>employees accidentally exposing enterprise attack surfaces.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">In a world of hyper-connected tools and APIs, one compromised credential can:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Open the door to an internal dashboard.<br><\/li>\n\n\n\n<li>Allow access to shared cloud resources.<br><\/li>\n\n\n\n<li>Give attackers a foothold in supply chain integrations.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">And because these credentials don\u2019t always appear to be \u201cprivileged\u201d access on the surface, they often remain unrevoked, quietly persisting across environments.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">But in practice, <strong>these so-called &#8220;non-privileged&#8221; creds can be just as dangerous<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In <strong>2023<\/strong>, attackers <a href=\"https:\/\/devops.com\/github-action-compromise-risks-data-leaks-for-23000-repositories\/\" target=\"_blank\" rel=\"noopener\">exploited a leaked GitHub<\/a> token from a developer\u2019s repository to pivot into a CI\/CD pipeline, injecting malware into a widely used open-source package.<br><\/li>\n\n\n\n<li>In <strong>early 2024<\/strong>, a cloud storage misconfiguration combined with a leaked S3 access key led to the <a href=\"https:\/\/www.trendmicro.com\/vinfo\/in\/security\/news\/virtualization-and-cloud\/data-on-123-million-us-households-exposed-due-to-misconfigured-aws-s3-bucket\" target=\"_blank\" rel=\"noopener\">exposure of internal builds<\/a> at a mid-sized SaaS provider, <em>despite the key being linked to a staging account with no explicit \u201cprod\u201d access<\/em>.<br><\/li>\n\n\n\n<li><strong>Developer credentials are low-hanging fruit: <\/strong>Leaked GitHub, CI\/CD, or cloud logins can expose code, configurations, and deployment pipelines, providing attackers a shortcut to your core systems.<br><\/li>\n\n\n\n<li><strong>Your vendor\u2019s leak is your problem: <\/strong>Many credentials belong to third parties with access to your tools. One exposed API key or session token from a partner can quietly open the door to your environment.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The perimeter is gone. And every reused credential is now a lateral movement opportunity.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The result? Credentials have become the <strong>weakest link in the digital supply chain, <\/strong>and organizations that are unable to simulate this cycle internally are likely underestimating just how exposed they already are.<\/p>\n\n\n<style>\n\n.greenOneWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2024\/09\/4ac747ff-greenbg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 275px;\n  border-radius: 10px;\n  margin: 20px 0px; \n}\n\n.pentestHeading{\n  color: #575757;\n  font-size: 24px;\n  font-weight: 600;\n  color: #575757;\n  max-width: 450px;\n}\n\n.greenOneHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n\n.ctaOne {\n    text-decoration: none;\n    background-color: #2F76F8;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n\n.GreenOneImg{\n  position: absolute;\n  bottom: 0px;\n  right: -20px;\n  height: 250px;\n  width: 240px;\n}\n\n@media(max-width: 768px){\n\n}\n\n@media(max-width: 576px){\n   .pentestHeading{\n      font-size: 28px;\n    }\n\n   .GreenOneImg{\n    display: none;\n  }\n}\n\n<\/style>\n\n<div class=\"greenOneWrap\">\n  <p class=\"pentestHeading\">Astra Pentest is built by the team of experts that helped\u00a0secure <span class=\"spanBoldBlue\">Microsoft, Adobe, Facebook, and Buffer<\/span><\/p>\n<br \/>\n  <div class=\"greenOneHead \">\n    <a href=\"\/contact-us\" class=\"ctaOne\" target=\"_blank\" rel=\"noopener\">Book a Demo<\/a>\n    <a href=\"\/pentest\/pricing\" class=\"ctaTwo\" target=\"_blank\" rel=\"noopener\">View Pricing<\/a>\n  <\/div>\n\n  <img decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/09\/4b5722b6-girlone.png\" alt=\"character\" class=\"GreenOneImg\" \/>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"What_Security_Teams_Should_Be_Doing_Right_Now\"><\/span><strong>What Security Teams Should Be Doing Right Now<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">You can\u2019t stop credentials from leaking, <strong>but you can prevent them from becoming lateral movement footholds<\/strong>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This isn\u2019t about rotating passwords on a schedule or relying on your MFA settings being good enough. The organizations that remain resilient are those that treat every leaked credential as already compromised and every session token as suspect.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Here\u2019s what real-world-ready security teams are prioritizing:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>1. Rotate and Revoke, Aggressively and Intelligently<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Don\u2019t just rotate passwords, <strong>rotate credentials in context<\/strong>. That means knowing which ones tie into high-privilege SaaS tools, CI\/CD systems, or production environments, and revoking sessions or tokens associated with them immediately.<br><br>Stale browser tokens and service account keys are often the most dangerous, as they persist beyond offboarding, bypass multi-factor authentication (MFA), and rarely raise alarms.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>2. Monitor for Exposure, Then Validate It Internally<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Dark web monitoring is table stakes. The smarter move? <strong>Match exposed credentials against your internal usage logs.<\/strong> If you see an old email-password combination or token appear, check whether it corresponds to any currently active tools or integrations.<br><br>Additionally, you should also hunt for <strong>zombie access<\/strong>, unused but still valid tokens or API keys tied to staging environments, forgotten dashboards, or past vendors.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>3. Enforce MFA, but Break Your MFA First<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">If your MFA strategy hasn\u2019t been tested for fatigue, fallback abuse, or cookie\/session hijacking, you don\u2019t have an MFA strategy; you have a checkbox.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Use red teaming or internal penetration tests to <strong>simulate<\/strong> <strong>infostealer scenarios<\/strong>: how far can a valid cookie take you? Can a credential stuffing tool bypass your flow via saved sessions or brute-forced OTP flows?<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>4. Simulate the Breach, From the Inside Out<\/strong><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Pentesting isn\u2019t just about CVEs anymore. The most innovative teams run <strong>infostealer-style simulations<\/strong> to understand how an attacker would move through the environment <em>without<\/em> exploiting a single technical vulnerability.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Test what happens when:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A dev&#8217;s GitHub token leaks<br><\/li>\n\n\n\n<li>A SaaS admin session is hijacked<br><\/li>\n\n\n\n<li>A browser autofill credential is replayed<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If your environment can\u2019t contain that, you don\u2019t need new tools, you need better operational hygiene.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Assume the leak has already affected your employees and test your environment as if it has. <\/strong>Pentesting isn\u2019t just about finding CVEs. It\u2019s about revealing how everyday mistakes and reused access can lead to silent compromise.<\/p>\n\n\n<style>\n\n.testCaseWrap{\n  padding:35px;\n  border: 6px;\n  background-image: url('https:\/\/cdn-blog.getastra.com\/2024\/08\/838dc804-smallimgicbg.png');\n  background-size: cover;\n  background-repeat: no-repeat;\n  position: relative;\n  background-position: right;\n  height: 100%;\n  border-radius: 10px;\n  margin: 20px 0px; \n}\n\n.pentestHeading{\n  color: #575757;\n  font-size: 24px;\n  font-weight: 600;\n  color: #575757;\n  max-width: 450px;\n}\n\n.testCaseHead {\n    display: flex;\n    align-items: center;\n    grid-gap: 1rem;\n}\n\n.ctaOne {\n    text-decoration: none;\n    background-color: #2F76F8;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.ctaTwo {\n    text-decoration: none;\n    background-color: #24BC94;\n    color: #ffffff !important;\n    padding: 10px 25px;\n    border-radius: 6px;\n    font-weight: 600;\n}\n\n.spanBoldBlue {\n    color: #3078FE;\n    font-weight: 700;\n}\n\n.testCaseImg{\n  position: absolute;\n  bottom: 0px;\n  right: -20px;\n  height: 250px;\n  width: 240px;\n}\n\n@media(max-width: 768px){\n\n}\n\n@media(max-width: 576px){\n    .testCaseHead {\n      flex-direction: column;\n      align-items: start;\n    }\n\n   .pentestHeading{\n      font-size: 28px;\n    }\n\n   .testCaseImg{\n    display: none;\n  }\n}\n\n<\/style>\n\n<div class=\"testCaseWrap\">\n  <p class=\"pentestHeading\">Lock down your security with our <span class=\"spanBoldBlue\">10,000+ AI-powered test cases.<\/span><\/p>\n  <p >Discuss your security needs <br \/> &#038; get started today!<\/p>\n<br \/>\n  <div class=\"testCaseHead \">\n    <a href=\"https:\/\/www.getastra.com\/pentest\/pricing\" class=\"ctaOne\" target=\"_blank\" rel=\"noopener\">View Pricing<\/a>\n    <a href=\"https:\/\/www.getastra.com\/contact-us\" class=\"ctaTwo\" target=\"_blank\" rel=\"noopener\">Schedule a call<\/a>\n  <\/div>\n\n  <img decoding=\"async\" src=\"\/cdn-cgi\/image\/quality=80,format=auto,onerror=redirect,metadata=none\/https:\/\/cdn-blog.getastra.com\/2024\/09\/34b4861d-boy1.png\" alt=\"character\" class=\"testCaseImg\" \/>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span><strong>Final Thoughts<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The headlines might have been misleading, but the threat is quite real. Credential dumps like this are no longer shocking. What\u2019s startling is how often they still work.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The organizations that stay ahead are simulating how attackers think, move, and exploit the small cracks that go unnoticed. And in 2025, that starts with assuming compromise and testing your environment as if it were already compromised.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">If you\u2019re still treating leaked credentials as a consumer issue, it\u2019s time to rethink your threat model.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Another breach? Not quite. You\u2019ve probably seen the headlines: \u201c16 billion passwords leaked in the largest breach ever.\u201d It sounds like a cybersecurity doomsday event. Media outlets ran with it. Even seasoned security leaders reposted it in alarm. Here\u2019s the truth: this isn\u2019t a fresh breach. No, Google, Meta, and Apple weren\u2019t hacked. What actually &#8230; <a title=\"What the 16 Billion Credentials Leak Really Means (And Why It\u2019s Not a New Breach)\" class=\"read-more\" href=\"https:\/\/www.getastra.com\/blog\/knowledge-base\/what-the-16-billion-credentials-leak-really-means-and-why-its-not-a-new-breach\/\" aria-label=\"Read more about What the 16 Billion Credentials Leak Really Means (And Why It\u2019s Not a New Breach)\">Read more<\/a><\/p>\n","protected":false},"author":120,"featured_media":39430,"comment_status":"open","ping_status":"0","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[39],"tags":[],"class_list":["post-39429","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-knowledge-base"],"_links":{"self":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/39429","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/users\/120"}],"replies":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/comments?post=39429"}],"version-history":[{"count":2,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/39429\/revisions"}],"predecessor-version":[{"id":39434,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/posts\/39429\/revisions\/39434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media\/39430"}],"wp:attachment":[{"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/media?parent=39429"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/categories?post=39429"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.getastra.com\/blog\/wp-json\/wp\/v2\/tags?post=39429"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}