@bobdahacker@infosec.exchange
·
2d ago
BobDaHacker 🏳️⚧️
@bobdahacker@infosec.exchange
Can we hack it?? Yes we can!!! 😎😎😎 Hey Im BobDaHacker an ethical hacker 🤓 Thx 4 coming to my ted talk
infosec.exchange
✈️ New Blog Post: Your Boarding Pass Is a Skeleton Key. Frontier Airlines Doesn't Care.
Frontier's mobile API returns full passport numbers, home addresses, children's DOB, credit card details, and KTNs for any booking. The only auth? A PNR and last name. Printed on every boarding pass.
Reported March 3rd. 105 days later, still live. They fixed the least important vuln and ghosted me on the rest. They also updated the website code and somehow made the leaks worse.
Full writeup: https://bobdahacker.com/blog/frontier-airlines-hack
#InfoSec #BugBounty #ResponsibleDisclosure #FrontierAirlines #Security #CyberSecurity #Privacy #Aviation #PCIDSS #DataExposure
32
0
55
@bobdahacker@infosec.exchange
·
3d ago
BobDaHacker 🏳️⚧️
@bobdahacker@infosec.exchange
Can we hack it?? Yes we can!!! 😎😎😎 Hey Im BobDaHacker an ethical hacker 🤓 Thx 4 coming to my ted talk
infosec.exchange
⚽ New Blog Post: I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Registered on FIFA's public Agent Platform, got added to their Entra tenant, and accessed the Streaming Management panel for every live World Cup 2026 match. RTMP ingest URLs, stream keys, all five camera angles. Confirmed live in VLC. An attacker could have replaced live camera feeds on TV worldwide.
Full writeup: https://bobdahacker.com/blog/fifa-hack
#InfoSec #BugBounty #ResponsibleDisclosure #FIFA #WorldCup #Security #CyberSecurity #RTMP #BrokenAccessControl
32
0
59
You've seen all posts