Unbelievable that REST APIs of Verizon carried a user-id param that could simply be fuzzed and not tied to auth randywestergren.com/critical…