I think you can put malicious data in the bucket and „impersonate“ the deleted b... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		echoangle 38 days ago \| parent \| context \| favorite \| on: Bucketsquatting is finally dead I think you can put malicious data in the bucket and „impersonate“ the deleted bucket, so old code referencing the bucket uses your data instead of throwing an error (?).

returningfory2 38 days ago [–]

Or old code referencing the bucket _writes_ data to it, and the attacker can now read it.

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact