Project information

  • Category: Cybersecurity
  • Project date: August, 2022

Yik Yak GraphQL Vulnerability

In August of 2022, during an examination of the API of the app Yik Yak, an over-permissioned and misconfigured GraphQL API endpoint was found. This endpoint allowed a user to query the table for user IDs and location information.

This breach was reported to Yik Yak on August 31 at 12:14pm CST via email; at 12:38pm CST, a response asking for more information was received. After further back-and-forth communication, remediation began on September 2nd, and the issue was fully remediated by August 7th at 1:57pm CST.