WeSearch

The $2 Million Permission You Forgot You Granted

·5 min read · 0 reactions · 0 comments · 23 views
#cybersecurity#data breach#oauth
The $2 Million Permission You Forgot You Granted
TL;DR · WeSearch summary

A recent security breach at Vercel highlights the risks associated with OAuth permissions granted to third-party applications. Attackers exploited forgotten permissions to access internal environment variables, leading to a $2 million ransom demand. This incident underscores the importance of regularly auditing app permissions to prevent unauthorized access.

Key facts
Original article
DEV.to (Top)
Read full at DEV.to (Top) →
Opening excerpt (first ~120 words) tap to expand

try { if(localStorage) { let currentUser = localStorage.getItem('current_user'); if (currentUser) { currentUser = JSON.parse(currentUser); if (currentUser.id === 3882479) { document.getElementById('article-show-container').classList.add('current-user-is-article-author'); } } } } catch (e) { console.error(e); } Bulut Caner Posted on May 18 The $2 Million Permission You Forgot You Granted #hack #cybersecurity #security At some point you clicked login with Google or another account on a third-party app because it was faster and it was the easiest way to get what you wanted from the site. You clicked and forgot about it. Well, so did a Vercel employee.

Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).

Anonymous · no account needed
Share 𝕏 Facebook Reddit LinkedIn Threads WhatsApp Bluesky Mastodon Email

Discussion

0 comments

More from DEV.to (Top)