Cracking Encrypted Credit Card Numbers Exposed By API

Craig Hays
Published in InfoSec Write-ups
6 min read, Jun 22, 2021

I found an API that exposed encrypted credit card numbers. Here’s how I cracked them to reveal the full card details.

Photo by Avery Evans on Unsplash

While hacking on a private bug bounty program, I found a GraphQL endpoint that exposed way more information about logged-in users than it should have done. By playing with the ‘about me’ GraphQL API request I was able to guess and retrieve all the logged-in…

FinTech startup to £105 million acquisition. Now I make stuff and help people with cyber security. https://craighays.com