I think the best hacks are the ones that are obvious once they’re explained, but no one has thought of them before. Here’s an example:
Instagram ($2000), Google ($0) and Microsoft ($500) were vulnerable to direct money theft via premium phone number calls. They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers.
Leave a reply