From Wikipedia
Hackers exploited an unsecured API endpoint, potentially enabling phishing and SIM swapping attacks.
