this post was submitted on 05 Jul 2024
735 points (99.2% liked)
Technology
59219 readers
4025 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yeah. They got data in a way that was not intended. That's a hack. It's not always about subverting something by clickity-clacking like in the movies.
Hint -- by manipulating or exploiting its code
Which I am explaining, they...did...not...do...
They did nothing to the code. They didn't break the code, they didn't cause the code to do anything it wasn't designed to do. They did not exploit any code. They used an API endpoint that was in the open. For its intended purpose, to verify phone numbers. The api verified phone numbers, they verified phone numbers with the api. The only thing they did here...was they did verification on a lot of phone numbers.
They absolutely exploited unintended functionality. If this was intended, they wouldn't have added rate limiting and locked down the api after. It was clear to say this was certainly not an intended use of the api.
In a video game for example, if there is a an item that caused excessive lagging just by placing the item. Placing a lot of them with the intent to lag the game would be an exploit. They only used items sanctioned by the game, but for unintended reasons and they would likely be banned for exploitation.