Hacker News

By the sounds of it, another breach from a well-known, not new web application security vulnerability, "Insecure Direct Object Reference".

That vuln has been an explicit part of the OWASP Top 10 since 2007...

Unlike other common web app vulns (e.g. XSS, SQLi), IDOR usually can't be fixed by a development framework (e.g. ASP.Net or Rails); it needs app-specific coding for proper Authentication/Authorization checks.
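As an added illustration of that last point (example code, not from the comment above nor from any framework), here is a plain-Python invoice lookup that only checks authentication beside one that also scopes the record to the caller; the `Invoice` type, the `fetch_invoice_*` functions and the sample data are constructed for the example.

```python
# Added example: why IDOR needs an app-specific authorization check.
# The Invoice type, the lookup functions and the data are hypothetical.
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample data: two users, each owning one invoice.
INVOICES = {
    1001: Invoice(1001, owner_id=1, amount=250.0),
    1002: Invoice(1002, owner_id=2, amount=9800.0),
}


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


def fetch_invoice_vulnerable(user_id: Optional[int], invoice_id: int) -> Invoice:
    """IDOR: authentication only. Any logged-in user can read any invoice
    by changing the id in the request; the framework's login check passes."""
    if user_id is None:
        raise Forbidden("login required")
    inv = INVOICES.get(invoice_id)
    if inv is None:
        raise NotFound(invoice_id)
    return inv


def fetch_invoice_fixed(user_id: Optional[int], invoice_id: int) -> Invoice:
    """Authorization: the lookup is scoped to the caller. A framework cannot
    know that invoices belong to users, so this check is app-specific."""
    if user_id is None:
        raise Forbidden("login required")
    inv = INVOICES.get(invoice_id)
    # Same "not found" for missing and not-owned ids, so the response does
    # not reveal which ids exist.
    if inv is None or inv.owner_id != user_id:
        raise NotFound(invoice_id)
    return inv


def can_read(fetch: Callable[[Optional[int], int], Invoice],
             user_id: Optional[int], invoice_id: int) -> bool:
    """Helper for checking a lookup function's access decision."""
    try:
        fetch(user_id, invoice_id)
        return True
    except (NotFound, Forbidden):
        return False
```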


