Imagine you walk into a bank and go straight into the vault where all the money is stored. “That easy?” you think. It would be if no one was checking along the way.
That’s when an app basically says, “Sure, help yourself,” and hands a user data they should definitely not be seeing.
Add proper authorization. In other words, make sure the app asks, “Hey, is this actually your stuff?” before giving anything away.
As a hacker, this is great! We can steal valuable assets easily. As SOC analysts, we need to address this immediately, as it can cost the company a fortune!
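Here is the “is this actually your stuff?” check in code, as an added example that is not from the original post. The invoice store, the user names and every function name are constructed for illustration.

```python
# Constructed sample data: invoice id -> record with an owner.
INVOICES = {
    101: {"owner": "alice", "amount": 1200},
    102: {"owner": "bob", "amount": 87},
}


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the record."""


def get_invoice_unchecked(session_user, invoice_id):
    # Weak version: trusts the id from the request and never asks whose
    # record it is, so any logged-in user can read any invoice.
    return INVOICES.get(invoice_id)


def get_invoice(session_user, invoice_id):
    # Hardened version: the identity comes from the server-side session,
    # never from a request parameter, and is compared to the record owner.
    record = INVOICES.get(invoice_id)
    # Same error for "missing" and "not yours" so the response does not
    # reveal which ids exist.
    if record is None or record["owner"] != session_user:
        raise Forbidden("invoice not available")
    return record


def audit(handler, session_user, invoice_ids):
    # Defender's check: return the ids a user can read but does not own.
    leaked = []
    for invoice_id in invoice_ids:
        try:
            record = handler(session_user, invoice_id)
        except Forbidden:
            continue
        if record is not None and record["owner"] != session_user:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    print("unchecked:", audit(get_invoice_unchecked, "alice", INVOICES))
    print("checked:  ", audit(get_invoice, "alice", INVOICES))
```

The `audit` helper doubles as a regression test: run it against every handler that takes an object id and fail the build if it returns anything.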