by withinboredom
1298 days ago
It depends, but I was imagining a vulnerability where I authenticate to the API as myself, but use your ID. Or I sed my usage/diagnostic logs and replace my ID with yours. This might sound really boring, but as an example, I could send logs/activity as someone else, placing them at a scene of a crime that would show up in a subpoena. I doubt this vulnerability exists, but these IDs (and any IDs by any company) should be guarded just like any other PII for exactly this sort of reason.