…During all this monitoring, I wasn’t anywhere near the rider. I didn’t even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website…
If they allow access without any other form of authentication, I wonder what kind of protections they have against brute forcing credit card numbers.
You could pick up a recipe with the first and last digits and hammer away.
I wonder what kind of protections they have against brute forcing credit card numbers.
I would imagine there aren’t any. Whenever a product or service is created, there’s little to no foresight, it’s all about the ease of profits and the eventual lawsuits that come afterwards are usually seen to be a small percentage of what they’ll make.
This should be shared to privacy@lemmy.ml
Other cities let you pay for transit directly via a credit card. Surely places like London have come up with a solution to this problem.
NYC supports this too
Creep acts creepy and then writes article about how creepy it all was
With their consent, I had entered the rider’s credit card information—data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain—and punched that into the MTA site for OMNY
Didn’t actually read it did you?