Bluesky — Data Breach
moderate→
Security researcher David Buchanan discovered a vulnerability in Bluesky's core did:plc identity mechanism that allowed hijacking any account's identity by creating lengthened duplicates of existing decentralized identifiers (DIDs). The researcher demonstrated the exploit by changing the handle of the official @bsky.app account. Bluesky acknowledged the report within 34 minutes and deployed a patch the same day.
Full diff not available for this historical entry.
Detailed line-by-line diffs will be generated automatically for future policy changes detected by the scraper.