Had it been somebody with evil intent, he could have made off with a cool $25 billion.

According to Prakash, when he analyzed the bank's app, he found it had several bugs.

So invoking the fund transfer API call directly via cURL bypassed the receiver/beneficiary account validation.

Hacker finds a flaw that would have let anyone steal $25 billion from a bank

Prakash successfully tested this flaw using his parents' accounts.

The bank took cognizance of his discovery and promptly updated the banking app to patch the flaws.


source: www.techworm.net