So In Malaysian app named MySejatera (fyi, mysejahtera is a covid tracking app) has been comprommised! hahahha someone run a while loop GET Request (yes they use GET request for sending otp, wtf) of the script to send OTP to random user found in the database , hahahahaha

https://astroawani.com/berita-malay...

Don't think that really counts as compromised, they were able to trigger the sending of a OTP via api without restrictions, so they sent lots. Probably a nasty phone bill for the company, doesn't look like any user data was compromised (based on the English translation of the linked article).

@atheist There's .... You will like this one

https://malaysia.news.yahoo.com/gli...

@johnmelodyme
That isn't a compromise but an art project.

And as there obviously was no protection to circumvent, it could even be legal...