"Worth saying out loud in a culture that often punishes disclosure programs for slowness," Token’s blog post reads.
Token Security's chain of five weaknesses
Security firm Token Security disclosed a sequence of five separate weaknesses in Zapier — a popular workflow automation service — that, when chained together, would have allowed an attacker to act inside user accounts without deploying malware or needing insider access. The company said the only prerequisite was a free Zapier account. Individually, the flaws resembled routine bugs; together, Token wrote, they opened a route into "one of the most widely used services of the modern internet."
From user-supplied code to a browser publishing key
The researchers described an escalation that began with the feature that lets users run small pieces of their own code inside an automation. Working from that feature, Token recovered credentials that Zapier had tried to discard but that were still retrievable. Those credentials gave access to an internal storage system holding more than 1,100 of Zapier’s private software images. One of those images contained a publishing key for a piece of code that runs inside every logged-in Zapier user’s browser.
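The "tried to discard" detail is the part worth checking in your own registry. Image layers are additive: a file removed in a later layer is still present, byte for byte, in the earlier layer that added it, and anyone who can pull the image can read that layer directly. The following is an added illustration, not code from Token Security or Zapier; the image layers, the fake token and the secret patterns are constructed for the demo, and the whiteout handling covers only plain ".wh.<name>" markers, not opaque whiteouts.

```python
import io
import re
import tarfile
from typing import Dict, List

# Added illustration, not Zapier's or Token Security's code. Image layers are
# additive tars: a later layer "deletes" a file only by adding an OCI whiteout
# marker (".wh.<name>"), so a secret baked into an early layer survives in the
# registry even after a later layer removes the file.

WHITEOUT_PREFIX = ".wh."

# Hypothetical patterns for the demo (real scanners carry many more). Group 1
# is the secret value, so overlapping hits on the same value dedupe.
SECRET_PATTERNS = [
    ("npm-style publish token", re.compile(rb"(npm_[A-Za-z0-9]{36})")),
    ("long assigned token", re.compile(
        rb"(?i)(?:token|secret|key|password)\w*\s*[=:]\s*['\"]?([A-Za-z0-9_\-]{24,})")),
]


def make_layer(files: Dict[str, bytes]) -> bytes:
    """Build one image layer as an uncompressed tar in memory (test data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_layer(layer: bytes) -> Dict[str, bytes]:
    """Return {path: bytes} for the regular files in one layer tar."""
    files: Dict[str, bytes] = {}
    with tarfile.open(fileobj=io.BytesIO(layer), mode="r") as tar:
        for member in tar.getmembers():
            if member.isfile():
                files[member.name] = tar.extractfile(member).read()
    return files


def flatten(layers: List[bytes]) -> Dict[str, bytes]:
    """Apply layers in order, honouring plain whiteouts, to get the filesystem a
    running container sees. Opaque whiteouts (.wh..wh..opq) are not handled."""
    fs: Dict[str, bytes] = {}
    for layer in layers:
        for path, data in read_layer(layer).items():
            directory, _, base = path.rpartition("/")
            if base.startswith(WHITEOUT_PREFIX):
                target = base[len(WHITEOUT_PREFIX):]
                fs.pop(f"{directory}/{target}" if directory else target, None)
            else:
                fs[path] = data
    return fs


def scan_files(files: Dict[str, bytes]) -> List[dict]:
    """Match secret patterns over file contents; one finding per distinct value."""
    findings: List[dict] = []
    seen = set()
    for path, data in files.items():
        for label, pattern in SECRET_PATTERNS:
            for match in pattern.finditer(data):
                value = match.group(1)
                if (path, value) in seen:
                    continue
                seen.add((path, value))
                findings.append({"path": path, "type": label,
                                 "value_prefix": value[:8].decode() + "..."})
    return findings


def scan_layers(layers: List[bytes]) -> List[dict]:
    """Scan every layer on its own, ignoring whiteouts: the registry-side view."""
    findings: List[dict] = []
    for index, layer in enumerate(layers):
        for finding in scan_files(read_layer(layer)):
            finding["layer"] = index
            findings.append(finding)
    return findings


# Constructed image: layer 0 bakes a (fake) publish token into .npmrc, layer 1
# "removes" the file, layer 2 adds unrelated content.
CONSTRUCTED_LAYERS = [
    make_layer({"app/.npmrc": b"//registry.example.invalid/:_authToken=npm_" + b"A" * 36 + b"\n"}),
    make_layer({"app/.wh..npmrc": b""}),
    make_layer({"app/README.md": b"# build artefact\n"}),
]

if __name__ == "__main__":
    print("flattened view:", scan_files(flatten(CONSTRUCTED_LAYERS)))  # nothing
    print("per-layer view:", scan_layers(CONSTRUCTED_LAYERS))          # the token
```

A scan of the flattened filesystem, which is what a quick look inside a running container gives you, finds nothing; a scan of each layer finds the token in layer 0. The operational point is that a secret baked into any layer has to be rotated, not just deleted in a later build step.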
Token Security said that with the ability to update that code, an attacker could have acted as a legitimate user inside the platform: creating new automations, altering existing ones, and using connections the user had already approved to outside services. Because those actions would have been carried out through Zapier itself, they would have appeared to connected systems as actions taken by the legitimate user. Token emphasized that an attacker could not have obtained passwords or login keys for those connected services, which remain on Zapier’s servers.
Gmail key tied to an AI vendor CTO illustrates immediacy
During the same research effort, Token found a working key tied to the personal account of the chief technology officer of an outside artificial-intelligence company whose software Zapier used internally. With that key, the researchers said, they were able to send an email from the executive’s own Gmail account to a mailbox they controlled. For the browser code, Token said it confirmed it had the access needed to push a malicious update into code running inside every signed-in Zapier user’s browser but did not exercise that access, and it reported the findings to Zapier in February under Zapier’s bug-bounty program.
Zapier's response: triage, remediation, and bounty
According to Token, Zapier triaged the issues within four days and remediated them within three weeks. Zapier paid the bug-bounty program’s maximum reward of $3,000 and, Token wrote, the company has "no evidence the weaknesses were exploited before they were patched." Token also noted the firm worked with Zapier to allow coordinated disclosure. CyberScoop reported that Zapier did not respond to its request for comment.
What this means for technologists, procurement leaders, and end users
- Technologists and security teams: Token advised organizations with heightened sensitivity to review their automation logs for anything they did not create and to consider reauthorizing Zapier connections to particularly sensitive systems. The researchers also warned that each weakness in the chain was a well-documented kind of mistake and that the vulnerability lay in the chain itself.
- Procurement leaders and enterprises: The episode underscores that breaking into a single automation platform could escalate into a broader supply-chain-style impact. Token noted Zapier supports more than 8,000 third-party integrations and has millions of users, raising the potential scale of any exploitation that reached this level.
- End users: Actions carried out from compromised automations would look, to outside services, like the user's own legitimate activity. Token's practical advice was to audit automation activity and reauthorize critical connections where appropriate.
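One way to act on that advice. Because an attacker working through a user's own session shows up in the logs as that user, a review cannot rely on the actor name alone; the useful signals are changes to automations owned by someone else, actors outside the known account list, off-hours changes, and which connected systems each changed automation touches. The following is an added illustration, not Token Security's or Zapier's code: the log format, the account list, the sensitive-system list and the events are all constructed for the demo, and Zapier's real audit export format is not assumed.

```python
import json
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Added illustration, not Token Security's or Zapier's code. The log shape,
# the user inventory and the sensitive-system list below are constructed.

KNOWN_USERS = {"alice@example.invalid", "bob@example.invalid"}
SENSITIVE_TARGETS = {"github", "aws", "okta"}
WORK_HOURS_UTC = range(6, 20)  # 06:00-19:59 UTC counts as working hours

# Constructed audit log: one JSON object per line. "targets" lists the
# connected services the automation uses after the change.
CONSTRUCTED_LOG = """\
{"ts": "2025-02-03T09:12:00Z", "actor": "alice@example.invalid", "event": "zap.created", "zap_id": "z-101", "owner": "alice@example.invalid", "targets": ["slack", "gmail"]}
{"ts": "2025-02-03T09:40:00Z", "actor": "bob@example.invalid", "event": "zap.updated", "zap_id": "z-102", "owner": "bob@example.invalid", "targets": ["github"]}
{"ts": "2025-02-04T02:17:00Z", "actor": "alice@example.invalid", "event": "zap.updated", "zap_id": "z-102", "owner": "bob@example.invalid", "targets": ["github", "aws"]}
{"ts": "2025-02-04T02:19:00Z", "actor": "alice@example.invalid", "event": "zap.created", "zap_id": "z-103", "owner": "alice@example.invalid", "targets": ["okta"]}
{"ts": "2025-02-04T02:20:00Z", "actor": "svc-unknown@example.invalid", "event": "zap.updated", "zap_id": "z-101", "owner": "alice@example.invalid", "targets": ["slack"]}
"""


def parse_events(log: str) -> List[dict]:
    """Parse one JSON object per line; timestamps become aware UTC datetimes."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        event["ts"] = datetime.fromisoformat(event["ts"].replace("Z", "+00:00"))
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def review(events: List[dict], since: datetime) -> Tuple[List[dict], List[str]]:
    """Flag automation changes since `since`.

    "suspicious": cross-owner edit, unknown actor, or off-hours change.
    "confirm": nothing odd about the change itself, but it touches a
    sensitive connection, so the owner should confirm it is theirs.
    Returns (findings, sorted list of connections to reauthorize).
    """
    findings: List[dict] = []
    reauth: set = set()
    for e in events:
        if e["ts"] < since:
            continue
        reasons = []
        if e["actor"] not in KNOWN_USERS:
            reasons.append("actor is not a known account")
        if e["actor"] != e["owner"]:
            reasons.append("change to a zap owned by someone else")
        if e["ts"].hour not in WORK_HOURS_UTC:
            reasons.append("change outside working hours")
        sensitive = sorted(set(e["targets"]) & SENSITIVE_TARGETS)
        severity = "suspicious" if reasons else ("confirm" if sensitive else None)
        if severity is None:
            continue
        if sensitive:
            reasons.append("touches sensitive connections: " + ", ".join(sensitive))
        if severity == "suspicious":
            reauth.update(sensitive)
        findings.append({"zap_id": e["zap_id"], "event": e["event"], "actor": e["actor"],
                         "owner": e["owner"], "severity": severity, "reasons": reasons})
    return findings, sorted(reauth)


def owner_checklist(events: List[dict], since: datetime) -> Dict[str, List[str]]:
    """Zaps changed since `since`, grouped by owner, for each owner to confirm
    they recognise them: the "anything they did not create" review."""
    by_owner: Dict[str, set] = {}
    for e in events:
        if e["ts"] >= since:
            by_owner.setdefault(e["owner"], set()).add(e["zap_id"])
    return {owner: sorted(zaps) for owner, zaps in sorted(by_owner.items())}


if __name__ == "__main__":
    evs = parse_events(CONSTRUCTED_LOG)
    start = datetime(2025, 2, 1, tzinfo=timezone.utc)
    found, to_reauth = review(evs, start)
    for f in found:
        print(f["severity"], f["zap_id"], f["actor"], "->", "; ".join(f["reasons"]))
    print("reauthorize:", to_reauth)
    print("owner checklist:", owner_checklist(evs, start))
```

On the constructed log this flags the 02:17 edit of bob's automation by alice's account, alice's 02:19 off-hours creation of an Okta-connected automation, and the unknown service account's edit, and it lists GitHub, AWS and Okta for reauthorization. The owner checklist is the piece to hand to each user: it asks them to vouch for each automation changed in the window, which is the only way to catch an automation that was created through their own session.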
Token Security concluded its post by warning that the same pattern of chained errors "almost certainly exists at other companies that have not yet looked." Zapier says the issues have been fixed and no further action is required. The public record from Token and CyberScoop leaves a focused question for operators and auditors: how many other automation platforms will find the same chain when they examine their own user-code, credential handling, and image-publishing processes?