McKeegan Curran

Fizz Social CDN Vulnerability

In March of 2024 during some looking at the API of the app Fizz a new CDN url was discovered. The root url was found to have the XML fully accessible including backup and other folders that could have resulted in a large scale data breach.

This breach was reported to Fizz on March 25th at 4:15pm CDT via email, at 4:37pm CDT a response that they were looking into the matter was received and remediation was confirmed by 5:30pm CST. Please note any identifying information has been removed and certain other information redacted for my own protection.