News article: https://www.msn.com/en-in/money/news/google-backed-dotpe-s-apis-expose-sensitive-data/ar-AA1ra3xx

This startup provides a shitty digital menu for restaurants. You scan a QR code that takes you to a terrible website where you submit your order. Once it's ready, the waiter brings it to you.

Someone opened their ordering webpage on a PC and looked at the API calls being made using their browser's dev tools. Turns out the entire API is public. This person was able to order on behalf of another table and view records of all the sales that took place at the restaurant.

The funniest thing is, instead of disclosing this to DotPe, the person instead wrote a blog post and posted it on Hacker News for the updoots. While describing this situation as a "vulnerability" feels extremely charitable, I think he should have covered his bases to avoid lawsuits.

  • loathsome dongeater@lemmygrad.ml
    3 months ago

    On that topic I recently found this thread where Hindu fascists are trying to figure out how Chinese goods come out to be cheaper than India's if you have time to waste: https://safereddit.com/r/IndiaSpeaks/comments/1flvljv/why_is_cement_so_expensive_in_india_despite_being/