/tags/authn/ Recent content in authn on Hugo -- gohugo.io Tue, 19 Aug 2025 00:00:00 +0000 /blog-posts/hacking-chatbot-pii-data-leak/ Tue, 19 Aug 2025 00:00:00 +0000 /blog-posts/hacking-chatbot-pii-data-leak/ During recon on a large e-commerce target, I landed upon a domain with a pretty interesting chatbot functionality. It could manage orders, process cancellations, and hand you off to a live agent. Even better (or worse), when you were logged in, the bot “helpfully” pulled up your recent orders. Cool! This was all I needed to take a close look. To keep things realistic, I bought an item as a guest with an email I control — call it victim-me.