Comment on Authy got hacked, and 33 million user phone numbers were stolen
0xD@infosec.pub 4 months agoA missing rate limit is a vulnerability, or a weakness, depending on the definition. You’re playing smart without having an idea of what you’re talking about. Here you go:
cwe.mitre.org/data/definitions/799.html
YouTube videos are public, and as such it’s not really hacking. If you were able to download private videos, for example, it would be a vulnerability like “Improper Access Control”. It does not matter in the least whether you use an “exploit” in your definition (which is wrong) or “just increment the video ID”.
The result is a breach of confidentiality, and as such this is to be classified as a “hack”.