Auth@lemmy.world 2 months ago
Wasnt it a security researcher and not a hacker?
SheeEttin@lemmy.zip 2 months ago
WhatsHerBucket@lemmy.world 2 months ago
The difference in terminology is simple…
A legit paycheck.
Auth@lemmy.world 2 months ago
Wasnt it a security researcher and not a hacker?
The difference in terminology is simple…
A legit paycheck.
Armok_the_bunny@lemmy.world 2 months ago
The risk is that some unknown hacker discovered this vulnerability and abused it before the researchers discovered and reported it. It sounds like the company has confirmed that didn’t happen, but they aren’t 100% trustworthy in that regard, simply because they might have missed something.
Auth@lemmy.world 2 months ago
yeah i know the risk, but the headline implies the data was exposed to a hacker who tried the password 123456 but thats not the case. A security researcher was investigating the application and accessed a test application with the password 123456 then found an API call which exposed the data and then he instantly reported it.