*Flutrr, backed by The Times of India, has critical security flaws that expose all user data. They knew about it since November 2024 and still haven't fixed it.* ## What I Found Every single API endpoint has the same problem: they just trust what the client tells them, No authentication checks. Nothing. Here's what I could do: **1. Login to Anyones account:** The Google login API just takes the users email you wanna login to: 