2 Comments
The AI Architect's avatar

Solid investigative work here. The PIN lock logic is particularly damning because it reveals corporate awareness of session hijacking while publicly blaming users for password issues. I've seen similar patterns in fintech where companies implement workarounds that inadvertently expose the true nature of their vulnerabilities. The fact that password changes didn't stop repeat thefts is basically case closed on the technical side.

Nosey Parker's avatar

Thank you kindly Mr. Architect for your validation. There has been deplorable corporate behaviour magnitudes worse than this, but I struggle to think of worse inflicted on a corporation's most valued customers.