Home / Companies / Replit / Blog / Post Details
Content Deep Dive

We've Been Pwned

Blog post from Replit

Post Details
Company
Date Published
Author
Mason Clayton
Word Count
364
Company Posts That Month
3
Language
English
Hacker News Points
-
Post removed?
No
Summary

As long as I can remember, Replit has been receiving a large number of vulnerability reports, mostly stemming from a misunderstanding of their product. To combat this, they created a test repl to encourage responsible disclosure of vulnerabilities. However, when a young community member, PDanielY, discovered an oversight in the developer API token minting code, which allowed full access to the underlying repl, Replit quickly revoked all affected tokens and logged the incident. Although no unauthorized access was found, it's recommended to rotate credentials just in case, especially if secrets are stored in .env files. The community member who reported the issue handled it with maturity, and Replit is grateful for their responsible disclosure. Despite awarding them a $1000 prize, they'll keep the bounty open for others to try.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Secrets Management 1 288 49 25 -8%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.