Fix guide · info · stripe_connect_account_id

Stripe Connect Account ID exposed

Why it matters

Account IDs are not secrets on their own. They identify which connected account is being targeted. Paired with a leaked sk_live_ key, the account ID tells attackers exactly which Connect account to drain. Mostly informational.

How to fix it

If your Stripe secret key is also in the bundle, see /fix/stripe_secret_key. The account ID itself doesn't need rotation.

Did vibecheck flag this on your app?

If you reached this page from a vibecheck inspection report, the redacted match in your scan output is the exact string we found in your bundle. After applying the fix above, run the inspection again — the finding should clear.