←back to thread

Supabase MCP can leak your entire SQL database

(www.generalanalysis.com)
780 points rexpository | 3 comments | 08 Jul 25 17:46 UTC | HN request time: 0.606s | source
Show context
sshh12 ◴[08 Jul 25 18:28 UTC] No.44502661[source]
I'm surprised we haven't seen more "real" attacks from these sorts of things, maybe it's just bc not very many people are actually running these types of MCPs (fortunately) in production.

Wrote about a similar supabase case [0] a few months ago and it's interesting that despite how well known these attacks feel even the official docs don't call it out [1].

[0] https://blog.sshh.io/i/161242947/mcp-allows-for-more-powerfu... [1] https://supabase.com/docs/guides/getting-started/mcp

replies(1): >>44502699 #
simonw ◴[08 Jul 25 18:31 UTC] No.44502699[source]
Yeah, I am surprised at the lack of real-world exploits too.

I think it's because MCPs still aren't widely enough used that attackers are targeting them. I don't expect that will stay true for much longer.

replies(1): >>44502910 #
1. 0cf8612b2e1e ◴[08 Jul 25 18:56 UTC] No.44502910[source]
Could be that the people most likely to mainline MCP hype with full RW permissions are the least likely to have any auditing controls to detect the intrusion.
replies(2): >>44503253 #>>44505276 #
2. ang_cire ◴[08 Jul 25 19:33 UTC] No.44503253[source]
Yep, the "we don't have a dedicated security team, but we've never had an intrusion anyways!" crowd.
3. sleazebreeze ◴[09 Jul 25 00:36 UTC] No.44505276[source]
They also aren’t building anything worthwhile. Just a lot of agentic slop with zero users. No users, no valuable data, who cares?