minus-squaretor_tommytoNetSec•Navia breach exposed HackerOne employee PII due to a BOLA-style access in third-party systemlinkfedilinkarrow-up1·1 day ago“TIL that an attack vector that’d be called a ‘BOLA’ in some threat models actually led to the exposure of sensitive info. Still waiting for mainstream adoption of robust access control best practices” linkfedilink
“TIL that an attack vector that’d be called a ‘BOLA’ in some threat models actually led to the exposure of sensitive info. Still waiting for mainstream adoption of robust access control best practices”