Explore Problems

Showing 6,868 of 6,868 problems · discovered and scored from global sources

Cloud SSH Clients Routing Private Keys Through Vendor Infrastructure

Cross-platform SSH clients like Termius are designed to sync session data including potentially private keys through their own cloud infrastructure, creating a critical security risk for engineering teams. Enterprises need SSH access management that works across platforms without surrendering key custody to a third party. The breach risk from a vendor compromise affecting thousands of downstream infrastructure targets is severe and underappreciated.

1 mentions1 sources
S6.3L6
Security & Compliance · Application Security

Bank leaked customer account details and SSN to scammers then denied responsibility

A bank customer had full account details including SSN leaked to scammers who used them to lock the customer out of their own accounts. Despite not disputing the data release, the bank refused reimbursement claiming no harm was done. This reflects a structural failure in bank data security combined with an accountability gap when breaches occur.

1 mentions1 sources
S6.3L6
Security & Compliance · Data Privacy

Banks Deny Large-Value Chargebacks for Clear Merchant Non-Delivery Fraud

Consumers disputing large transactions ($2,500+) with merchants who failed to deliver goods face chargeback denials from banks without adequate investigation. The federally mandated dispute process breaks down when banks defer to merchant claims without reviewing consumer-provided evidence. Victims have no accessible escalation path and must turn to regulators as a last resort.

4 mentions1 sources
S6.3L5
Consumer & Lifestyle · Personal Finance

Bank Fraud Holds Block Account Access for Days Leaving Families Without Emergency Funds

Citibank fraud review holds block all account access while the review is in progress with no alternative fund access path for urgent needs. Customers caring for dependents or in financial emergency cannot reach money belonging to them. The fraud hold system has no provision for authenticated access to a minimum emergency balance during review.

1 mentions1 sources
S6.3L5
Industry Verticals · FinTech & Banking

Password Managers Are a Single Point of Catastrophic Account Lockout

Centralizing credentials in a password manager creates a single failure point — if it becomes inaccessible through service shutdown, breach, or infrastructure failure, users lose access to every account simultaneously. Self-hosting shifts vendor risk to infrastructure reliability risk without eliminating it. No graceful degradation path exists for most users when their password manager fails unexpectedly.

1 mentions1 sources
S6.3L5
Security & Compliance · Identity & Access

Identity theft victims stuck with fraudulent accounts despite evidence

Identity theft victims who dispute fraudulent accounts find creditors treating a checkbox online application as sufficient proof of identity, with no verification of government ID, IP logs, or signatures. FCRA mandates a reasonable investigation, but creditors rely on internal system data rather than actual identity verification. Victims with documented theft reports cannot get fraudulent tradelines removed from credit reports.

4 mentions1 sources
S6.3L7
Security & Compliance · Identity & Access

PG&E Disconnects Power During Heat Waves and Demands Full Debt Payment to Restore Service

PG&E shut off power to a single mother with two children during a heat wave and required full payment of a $2,090 balance before restoration. Government assistance programs were insufficient or unresponsive, and no elected official responded to emergency outreach.

3 mentions1 sources
S6.3L5
Consumer & Lifestyle · Telecom & Utilities

Credit card interest charged despite paying balance before the due date

Cardholders who pay off their balance in full before the statement due date still get charged interest for the prior cycle. The billing-cycle mechanics behind this are not clearly explained, leaving customers feeling charged unfairly.

36 mentions1 sources
S6.3L6
Industry Verticals · FinTech & Banking

Part-time developers cannot ship side projects with tools built for full-time teams

Developers with 9-to-5 jobs who want to build side projects face tools, workflows, and culture designed for full-time founders with unlimited time. Limited coding windows—45 minutes on a commute—are incompatible with complex setup, long feedback loops, and team-oriented tooling. There is no purpose-built development environment for the constraint of intermittent, time-boxed building.

1 mentions1 sources
S6.2L7
Developer Tools · Coding Tools & IDEs

Unauthorized debit card charges drain thousands after account info is compromised

A bank customer discovered roughly $4,000 in unauthorized debit card charges after their account information was obtained by a third party. The case reflects ongoing exposure of debit accounts to compromised-data fraud.

5 mentions1 sources Trending
S6.2L5
Security & Compliance · Fraud Prevention

No Unified SDK for Object Storage Across Cloud Providers

Developers must use separate, incompatible SDKs for each cloud storage provider (S3, GCS, Azure Blob, R2), creating vendor lock-in and requiring rewrites when switching or supporting multiple backends. A unified abstraction layer is missing in the JavaScript ecosystem. 229 HN upvotes validates strong developer demand.

1 mentions1 sources
S6.2L8
Developer Tools · APIs & Integrations

Business automation pipelines silently fail with no reliable observability

Companies running critical automations via tools like Zapier, Make, or internal scripts lack reliable monitoring — failures are silent or produce subtly wrong data that is hard to catch. Existing solutions focus on infrastructure monitoring, not business process health. The gap causes real financial and operational harm when automations break undetected.

1 mentions1 sources Trending
S6.2L7
Productivity · Automation & Workflows

Sophisticated Bank Impersonation Scams Cause Large Unrecoverable Cash Losses

Fraudsters armed with detailed account transaction data convincingly impersonate bank fraud teams, directing victims through legitimate branch or ATM channels to extract large sums. Banks deny reimbursement by classifying these as authorized transactions despite documented coercion. The gap between transaction authorization mechanics and real-world coercion creates a victim accountability mismatch with no institutional safety net.

2 mentions1 sources
S6.2L7
Security & Compliance · Fraud Prevention

Mortgage Servicers Proceed with Foreclosure While Ignoring Documented Errors

Homeowners facing foreclosure find mortgage servicers issue loss mitigation denials based on inaccurate records, then ignore formal Notices of Error and appeals while foreclosure proceedings continue. Regulatory response timelines are too slow relative to foreclosure sale dates. There is no effective mechanism for borrowers to halt proceedings while servicer errors are being corrected.

2 mentions1 sources
S6.2L7
Industry Verticals · Real Estate

Identity Theft Discovered Too Late During Mortgage Application

Multiple fraudulent accounts were opened using a consumer's identity and went undetected until a mortgage lender pulled their credit report. Existing credit monitoring failed to alert the consumer before significant damage was done.

2 mentions1 sources
S6.2L7
Security & Compliance · Identity & Access

SaaS Cancel Flows Produce Gamed Data Instead of Real Churn Reasons

SaaS companies lose customers without understanding why because static cancel flows are easy to game — users click random reasons or skip the feedback box entirely. Without real churn signal, product teams cannot fix the root causes. Dynamic, conversational cancel flows with AI trend detection can recover customers and surface actionable attrition insights.

1 mentions1 sources
S6.2L7
Customer Experience · Service & Billing Disputes

Bank Phone AI Systems Block Access to Human Agents for Real Issue Resolution

Major banks including Bank of America deploy phone AI systems that intercept calls and route customers through automated flows that cannot resolve complex account issues. Customers who need a human agent face persistent gatekeeping with no clear override path. This forces customers to abandon service calls unresolved or use workarounds that should not be necessary.

1 mentions1 sources
S6.2L6
Industry Verticals · FinTech & Banking

Fraudulent Accounts on Credit Report After Identity Theft

Identity theft victims struggle to get fraudulent accounts blocked from credit reports despite FCRA legal protections requiring bureaus to act within 4 business days of an FTC report. Credit bureaus fail to conduct reasonable investigations and continue reporting fraudulent accounts without proper verification. Victims need automated tools that track dispute timelines, escalate bureau non-compliance, and enforce statutory removal deadlines.

3 mentions1 sources
S6.2L6
Industry Verticals · FinTech & Banking

Bank fraud departments are unreachable during active identity theft emergencies

A Bank of America customer experiencing active identity theft — with fraudulent credit cards being opened in their name — spent 85+ minutes on hold unable to reach the fraud department. The time-critical nature of identity theft makes support inaccessibility directly harmful, allowing additional fraudulent activity during the response window. This is a structural emergency access failure.

3 mentions1 sources
S6.2L6
Security & Compliance · Identity & Access

Credit bureaus fail to remove identity-theft accounts after repeated disputes

Victims of identity theft report fraudulent accounts and inquiries to credit bureaus along with proof of identity, yet the inaccurate items remain on their credit reports. Repeated disputes do not resolve the underlying reporting error.

86 mentions1 sources
S6.2L6
fintech