IMO: I'm pretty sure this is less of an auth issue, than it is a rate limiting issue.
I haven't been able to find anything about the endpoint, but based on the data exposed[0] I think the endpoint they are talking about is the register one which requires a phone number.
I'd bet they didn't rate limit it, and someone just blasted through all phone numbers with it and stored the data for ones that didn't error out.
I haven't been able to find anything about the endpoint, but based on the data exposed[0] I think the endpoint they are talking about is the register one which requires a phone number.
I'd bet they didn't rate limit it, and someone just blasted through all phone numbers with it and stored the data for ones that didn't error out.
[0]
The CSV data columns:
account_id
phone_number
device_lock
account_status
device_count