Yes, it's as simple as the back end not validating that the user ID and email address in the requests are tied to the active session. It's a very common mistake, and it often happens when devs try to roll their own session management/access control functionality.
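An added illustration of the missing check the comment above describes (not part of the original comment): a handler that trusts the identifiers in the request, beside one that ties them to the active session. The data, the function names and the request fields `user_id`, `email` and `new_email` are all assumptions made for this example.

```python
import secrets

# Constructed sample data: two accounts and a server-side session store.
USERS = {1: {"email": "alice@example.test"}, 2: {"email": "bob@example.test"}}
SESSIONS = {}  # session token -> user id, written only by the server at login


class Forbidden(Exception):
    """The request names an account the active session does not own."""


def login(user_id):
    """Issue a session token; credential checking is out of scope here."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user_id
    return token


def change_email_unbound(token, body):
    """The mistake: the session only proves *someone* is logged in, and the
    client-supplied user_id decides which account gets modified."""
    if token not in SESSIONS:
        raise Forbidden("no active session")
    USERS[body["user_id"]]["email"] = body["new_email"]


def change_email_bound(token, body):
    """The fix: the account comes from the session; identifiers in the
    request are accepted only if they match it."""
    owner = SESSIONS.get(token)
    if owner is None:
        raise Forbidden("no active session")
    if body.get("user_id", owner) != owner:
        raise Forbidden("user_id is not tied to this session")
    if body.get("email", USERS[owner]["email"]) != USERS[owner]["email"]:
        raise Forbidden("email is not tied to this session")
    USERS[owner]["email"] = body["new_email"]


if __name__ == "__main__":
    alice = login(1)
    mismatched = {"user_id": 2, "email": "bob@example.test",
                  "new_email": "changed@example.test"}
    try:
        change_email_bound(alice, mismatched)
    except Forbidden as err:
        print("rejected:", err)
    print(USERS[2])  # unchanged
```

Because the bound handler writes only to the account named by the session, a mismatched or malformed `user_id` (for example a string where the store uses integers) fails closed.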