A popular bot protection system provided by a third party used by a number of US banks would accidentally disclose plaintext usernames and passwords to the bot protection software.
I'm not sure how the bot protection software was deployed but looking at marketing materials I suspect the data was sent to the third party as part of a SAAS service.
We believe this was accidental because a later version of the software stopped doing it. I'm not sure if there was a notification by the third party to users about this flaw.
I'm not sure how the bot protection software was deployed but looking at marketing materials I suspect the data was sent to the third party as part of a SAAS service.
We believe this was accidental because a later version of the software stopped doing it. I'm not sure if there was a notification by the third party to users about this flaw.