Hackers Stole 200,000+ Citi Accounts Just By Changing Numbers In The URL
Consumerist:
Basically after you logged into your account as a Citi customer, the URL contained a code identifying your account. All you had to do was change around the numbers and boom, you were in someone else’s account.
So if the URL was something like citibank.com/user/12345, all you had to do was change it to citibank.com/user/123456 and you had access to all of their account information.
Oh for crying out loud. From the comments:
Well, actually more like when you unlocked your door, every other door on the street unlocked for you too.
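
The flaw described in the Consumerist quote, as an added example that is not code from Citi, Consumerist or the original post: a lookup that trusts the account number in the URL, next to one that checks it against the logged-in session. The account records, session tokens and function names are constructed for illustration.

```python
# Added example: constructed data, hypothetical names throughout.
ACCOUNTS = {  # account id -> record (constructed sample data)
    "12345": {"owner": "alice", "balance": 1200},
    "123456": {"owner": "bob", "balance": 87},
}
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}  # session token -> logged-in user


class Forbidden(Exception):
    """Raised when the request is not allowed to see the account."""


def account_id_from_path(path):
    # "/user/12345" -> "12345"; anything else is rejected.
    prefix = "/user/"
    if not path.startswith(prefix) or not path[len(prefix):].isdigit():
        raise ValueError("unexpected path")
    return path[len(prefix):]


def view_account_vulnerable(session_token, path):
    # Only checks that *someone* is logged in, then trusts the id in the URL.
    if session_token not in SESSIONS:
        raise Forbidden("not logged in")
    return ACCOUNTS[account_id_from_path(path)]


def view_account_checked(session_token, path):
    # Authorizes the object, not just the session: the record must belong
    # to the user the server tied to this session at login.
    user = SESSIONS.get(session_token)
    if user is None:
        raise Forbidden("not logged in")
    record = ACCOUNTS.get(account_id_from_path(path))
    # Same error for "missing" and "not yours", so replies do not confirm valid ids.
    if record is None or record["owner"] != user:
        raise Forbidden("no such account for this user")
    return record


def is_denied(func, session_token, path):
    # True when the handler refuses the request.
    try:
        func(session_token, path)
        return False
    except Forbidden:
        return True
```

Logging each refusal from the checked handler with the session and requested id gives operations a signal when one session walks through many account numbers.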