Sender-Constrained Tokens for Carrier Integration: Preventing Token Replay Attacks in Multi-Tenant Middleware
The Postman workspace breach exposed 30,000 workspaces containing live API keys and access tokens. Developers had been saving production secrets—live API keys, access tokens, even sensitive healthcare records—in their testing environments without proper access controls. Meanwhile, threat actors exploited OAuth tokens stolen from the Salesloft/Drift integration