Authy got hacked, and 33 million user phone numbers were stolen - eviltoast
  • 0xD@infosec.pub
    6 months ago

    A missing rate limit is a vulnerability, or a weakness, depending on the definition. You’re playing smart without having an idea of what you’re talking about. Here you go:

    https://cwe.mitre.org/data/definitions/799.html

    YouTube videos are public, and as such it’s not really hacking. If you were able to download private videos, for example, it would be a vulnerability like “Improper Access Control”. It does not matter in the least whether you use an “exploit” in your definition (which is wrong) or “just increment the video ID”.

    The result is a breach of confidentiality, and as such this is to be classified as a “hack”.