Especially with such careless failures. If some employee was tricked through a well-planned social engineering attack, or they used some mega obscure day0 vulnerability, I’d not be happy, but shit happens, I guess.
But not sending my phone number when someone just posts some GET command to an API should be a no-brainer…
Especially with such careless failures. If some employee was tricked through a well-planned social engineering attack, or they used some mega obscure day0 vulnerability, I’d not be happy, but shit happens, I guess. But not sending my phone number when someone just posts some GET command to an API should be a no-brainer…