flaw allows full account takeover

Salt Labs researchers identified vulnerabilities which could have enabled attackers to take over users’ accounts

Mar 3, 2023

Flaws in the authorization system of the website could have allowed attackers to take over user accounts and gain full visibility into their personal or payment-card data, as well as log in to accounts on the website's sister platform,, researchers have found.

Salt Security disclosed the issues to, which researchers lauded for responding quickly to address and completely mitigate them. Moreover, there had been no evidence of compromise to the platform before the issues were resolved, said in a statement provided by Salt Security.

Get the full story at Salt

Related must-reads