mogwailabs_gmbh, Last May, the populare API tool Postman pivoted to be a cloud-only product for many of its features. This might have a serious security impact as developers often store high privileged access tokens there, in some cases they might even be exposed through the Postman API search features.
We did a quick check for some of our customers and already discovered some valid tokens.
Check out @Lee_Holmes blog post on this. Also kudos to @wdormann for pointing this out first (at leat to our knowledge).