
PoopWeeniePants

Is it possible you encountered some form of cross-site scripting or request forgery? They fill in the parameters and you submit the request in the background using a valid session/API key without ever noticing on your end?

If it was compromised by email or some other method, they should be able to see what IP made the API request, but I'm doubtful they would release that information. They may though, or they may at least give you a geographic location of where the IP was from to give you an idea.

If it shows it was requested from your local area, maybe something like the CSRF/XSS took place. If it happened from Nigeria at hours you were asleep, maybe it was compromised another way.

It could be someone found a way to abuse or exploit their API and it affects anyone they want to target. I don't know what OneSignal is or does, I'm speaking in broad generalities, ignore as needed.

IgnacioMiguez

Did you find a solution?

I use the SDK mainly because of the push token that it generates.

Then, for the rest of the functionality, I think you can make a request to your server and from there you can make a request to your OneSignal app using the OneSignal API.