<ul><li>A ₹10 cashback offer from a biscuit packet led to a major security flaw, exposing the privacy of over 200,000 users.</li><li>After scanning a QR code on the packet and signing up with his mobile number, the user earned cashback and points.</li><li>Investigating the backend, the user discovered that sensitive data, including phone numbers, was exposed in the leaderboard and user data endpoints.</li><li>The user promptly alerted the company about the security flaw, emphasizing the need for stronger data protection measures.</li></ul>

Caught in the Crunch My Journey from Snacks to 200000 Exposed Users Privacy

Discover more