As a former bored teen, who went after similar sized companies (and was eventually caught), I’d say you’ve already got your answer - boredom, being a tad neurotypical helps too.
Most of the things I pulled could have been prevented if everything was checked against the OWASP top 10.
Then the other multiplier is how old the company is, at a certain stage there’s a digital footprint that isn’t properly documented internally.
Most of the things I pulled could have been prevented if everything was checked against the OWASP top 10.
Then the other multiplier is how old the company is, at a certain stage there’s a digital footprint that isn’t properly documented internally.