We know what you’re thinking, “I bet they call this a supply chain attack.”
And you’d be right.
The “one man” in the headline is cybersecurity researcher Alex Birsan and his article Dependency Confusion: How I Hacked My Way Into Apple, Microsoft, and Dozens of Other Companies, which came out last week, will tell you how his “attack” worked.
Of course, Birsan didn’t do it literally alone and unaided (see the end of his paper for the section with regards to others who helped him, directly or indirectly, during his research), and he hasn’t really attacked anyone like a hacker or criminal did Crackers would do.
His work has been done in accordance with bug bounty rules or pre-agreed penetration test agreements and Birsan actually includes bug bounties in his credits:
[A shout-out to] Any company that has public bug bounty programs that allow us to spend time pursuing ideas like this one. Thank you!