Zapier fixes bug chain that researchers say risked widespread account takeover
ID: 46fa59aa-043e-5dc0-9001-cf6c10150984
STIX ID: report--46fa59aa-043e-5dc0-9001-cf6c10150984
Feed Name: CyberScoop
Security researchers from Token Security chained together five separate weaknesses in Zapier that, starting from only a free account, could have allowed an attacker to recover discarded credentials, access the internal storage holding private software images (including a publishing key), push malicious updates to code running in every logged-in user's browser, and then act on behalf of those users across thousands of connected services. Token Security reported the issues to Zapier, which remediated them within weeks and paid a bug bounty; there is no evidence the chain was exploited before the fix.
