Skip to main content

Independent Researcher Discovers Yawning Hole in GroupMe

Clever hacker and all around cool guy Dylan Saccomanni viciously pwn'd the popular messaging application GroupMe last week.

The exploit allowed an attacker to signup for a new account while using the phone number of an existing user. The only verification required at that point was a four digit PIN that could be easily brute-forced.

To their credit, GroupMe responded rapidly to Saccomanni's notice and the issue appears to have been resolved.