A security consultant from the UK, with the name Paul Price, found an error in its British version applicationof Pizza Domino that allowed him to order a pizza and not pay for it.
Price found that the application's API for processing the payments was malfunctioning, allowing savvy users to trick the app into accepting invalid payments, essentially allowing them to order pizza for free.
The application accepted as invalid the invalid payments and so the rest of the process continued, so that your order arrived at your door.
The investigator of course did not take advantage of the security gap and informed the company Domino which directly corrected the error.
But the moral of the story is that there are many applications out there with broken APIs.
APIs bugs were partly responsible for the massive violation of the VTech game company, which left millions of people's personal data exposed.
But also just a few weeks ago, the researchers better safetyTroy Hunt and Scott Helme showed that hackers could wreak havoc on Nissan's electric cars by turning on the AC and draining the car's battery. The company was forced to disable the app to fix the bug.
