Explore Problems
Showing 6,868 of 6,868 problems · discovered and scored from global sources
Cloud SSH Clients Routing Private Keys Through Vendor Infrastructure
Cross-platform SSH clients like Termius are designed to sync session data including potentially private keys through their own cloud infrastructure, creating a critical security risk for engineering teams. Enterprises need SSH access management that works across platforms without surrendering key custody to a third party. The breach risk from a vendor compromise affecting thousands of downstream infrastructure targets is severe and underappreciated.
Bank leaked customer account details and SSN to scammers then denied responsibility
A bank customer had full account details including SSN leaked to scammers who used them to lock the customer out of their own accounts. Despite not disputing the data release, the bank refused reimbursement claiming no harm was done. This reflects a structural failure in bank data security combined with an accountability gap when breaches occur.
Banks Deny Large-Value Chargebacks for Clear Merchant Non-Delivery Fraud
Consumers disputing large transactions ($2,500+) with merchants who failed to deliver goods face chargeback denials from banks without adequate investigation. The federally mandated dispute process breaks down when banks defer to merchant claims without reviewing consumer-provided evidence. Victims have no accessible escalation path and must turn to regulators as a last resort.
Bank Fraud Holds Block Account Access for Days Leaving Families Without Emergency Funds
Citibank fraud review holds block all account access while the review is in progress with no alternative fund access path for urgent needs. Customers caring for dependents or in financial emergency cannot reach money belonging to them. The fraud hold system has no provision for authenticated access to a minimum emergency balance during review.
Password Managers Are a Single Point of Catastrophic Account Lockout
Centralizing credentials in a password manager creates a single failure point — if it becomes inaccessible through service shutdown, breach, or infrastructure failure, users lose access to every account simultaneously. Self-hosting shifts vendor risk to infrastructure reliability risk without eliminating it. No graceful degradation path exists for most users when their password manager fails unexpectedly.
Identity theft victims stuck with fraudulent accounts despite evidence
Identity theft victims who dispute fraudulent accounts find creditors treating a checkbox online application as sufficient proof of identity, with no verification of government ID, IP logs, or signatures. FCRA mandates a reasonable investigation, but creditors rely on internal system data rather than actual identity verification. Victims with documented theft reports cannot get fraudulent tradelines removed from credit reports.
PG&E Disconnects Power During Heat Waves and Demands Full Debt Payment to Restore Service
PG&E shut off power to a single mother with two children during a heat wave and required full payment of a $2,090 balance before restoration. Government assistance programs were insufficient or unresponsive, and no elected official responded to emergency outreach.
Credit card interest charged despite paying balance before the due date
Cardholders who pay off their balance in full before the statement due date still get charged interest for the prior cycle. The billing-cycle mechanics behind this are not clearly explained, leaving customers feeling charged unfairly.
Part-time developers cannot ship side projects with tools built for full-time teams
Developers with 9-to-5 jobs who want to build side projects face tools, workflows, and culture designed for full-time founders with unlimited time. Limited coding windows—45 minutes on a commute—are incompatible with complex setup, long feedback loops, and team-oriented tooling. There is no purpose-built development environment for the constraint of intermittent, time-boxed building.
Unauthorized debit card charges drain thousands after account info is compromised
A bank customer discovered roughly $4,000 in unauthorized debit card charges after their account information was obtained by a third party. The case reflects ongoing exposure of debit accounts to compromised-data fraud.
No Unified SDK for Object Storage Across Cloud Providers
Developers must use separate, incompatible SDKs for each cloud storage provider (S3, GCS, Azure Blob, R2), creating vendor lock-in and requiring rewrites when switching or supporting multiple backends. A unified abstraction layer is missing in the JavaScript ecosystem. 229 HN upvotes validates strong developer demand.
Business automation pipelines silently fail with no reliable observability
Companies running critical automations via tools like Zapier, Make, or internal scripts lack reliable monitoring — failures are silent or produce subtly wrong data that is hard to catch. Existing solutions focus on infrastructure monitoring, not business process health. The gap causes real financial and operational harm when automations break undetected.
Sophisticated Bank Impersonation Scams Cause Large Unrecoverable Cash Losses
Fraudsters armed with detailed account transaction data convincingly impersonate bank fraud teams, directing victims through legitimate branch or ATM channels to extract large sums. Banks deny reimbursement by classifying these as authorized transactions despite documented coercion. The gap between transaction authorization mechanics and real-world coercion creates a victim accountability mismatch with no institutional safety net.
Mortgage Servicers Proceed with Foreclosure While Ignoring Documented Errors
Homeowners facing foreclosure find mortgage servicers issue loss mitigation denials based on inaccurate records, then ignore formal Notices of Error and appeals while foreclosure proceedings continue. Regulatory response timelines are too slow relative to foreclosure sale dates. There is no effective mechanism for borrowers to halt proceedings while servicer errors are being corrected.
Identity Theft Discovered Too Late During Mortgage Application
Multiple fraudulent accounts were opened using a consumer's identity and went undetected until a mortgage lender pulled their credit report. Existing credit monitoring failed to alert the consumer before significant damage was done.
SaaS Cancel Flows Produce Gamed Data Instead of Real Churn Reasons
SaaS companies lose customers without understanding why because static cancel flows are easy to game — users click random reasons or skip the feedback box entirely. Without real churn signal, product teams cannot fix the root causes. Dynamic, conversational cancel flows with AI trend detection can recover customers and surface actionable attrition insights.
Bank Phone AI Systems Block Access to Human Agents for Real Issue Resolution
Major banks including Bank of America deploy phone AI systems that intercept calls and route customers through automated flows that cannot resolve complex account issues. Customers who need a human agent face persistent gatekeeping with no clear override path. This forces customers to abandon service calls unresolved or use workarounds that should not be necessary.
Fraudulent Accounts on Credit Report After Identity Theft
Identity theft victims struggle to get fraudulent accounts blocked from credit reports despite FCRA legal protections requiring bureaus to act within 4 business days of an FTC report. Credit bureaus fail to conduct reasonable investigations and continue reporting fraudulent accounts without proper verification. Victims need automated tools that track dispute timelines, escalate bureau non-compliance, and enforce statutory removal deadlines.
Bank fraud departments are unreachable during active identity theft emergencies
A Bank of America customer experiencing active identity theft — with fraudulent credit cards being opened in their name — spent 85+ minutes on hold unable to reach the fraud department. The time-critical nature of identity theft makes support inaccessibility directly harmful, allowing additional fraudulent activity during the response window. This is a structural emergency access failure.
Credit bureaus fail to remove identity-theft accounts after repeated disputes
Victims of identity theft report fraudulent accounts and inquiries to credit bureaus along with proof of identity, yet the inaccurate items remain on their credit reports. Repeated disputes do not resolve the underlying reporting error.