🎵 Found a verification bypass in Bandsintown - fixed
Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs
Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity
How I found a verification bypass in Bandsintown that let anyone claim unclaimed artist pages with a single API call - including Rick Astley's 191k followers, their emails, and the ability to send pus...
