[siddharthgoel88]

From technical standpoint, I find the details interesting. However, this irresponsible disclosure of vulnerability troubles me. I am guessing that last year, Indian government has passed the bill of PDPA (https://www.meity.gov.in/writereaddata/files/Digital%20Perso...) if I am not mistaken. Even though irresponsible disclosure of vulnerability is not explicitly mentioned in this Act, but I am pretty sure that such irresponsible disclosure are enough for the author to land into trouble.

Leaving PDPA aside, as a Software professional I find this act kiddy and unethical. 10 years back I found a major vulnerability bug in an major multinational bank where I was able to see monthly statements of any person. I reported this to the bank and they took approx 1 year to fix that. I did not even mention about this bug to my friends or my CV till it was fixed.

[hoseja]

If you leave the gate to your yard wide open don't be surprised to find kids playing ball there.

[siddharthgoel88]

Understandable in this case. But if the playground is of a developed nation (like US, Canada, Singapore, etc.) then unlikely that kids would be playing.

In India, personal data is not yet taken seriously with both educated and un-educated people. It would take some time but I believe this realisation will come over time in people.