The company in question was not named to protect users but a security firm said it was an example of mistakes typically made by platforms handling sensitive information.
Article Link: GraphQL API authorization vulnerability found in large B2B financial technology platform | ZDNet