Updates about my life and what I learn about creating software

Michael Lynch, also known as Mtlynch, is a software engineer, blogger, and open-source contributor known for his insights into technology, privacy, and personal productivity. Readers can learn about software development, privacy tools, and strategies for managing information overload. With thoughtful essays, tutorials, and productivity tips, Mtlynch offers  perspectives and strategies for navigating the complexities of modern life and technology.

Michael Lynch

A Massachusetts utility company's EV rebate portal exposed customer personal information—including names, addresses, vehicle registration details, and VINs—through unauthenticated API endpoints. The vulnerability allowed anyone to access and potentially modify rebate applications by simply removing authentication cookies from HTTP requests. The issue was discovered during a frustrating rebate claim process that required excessive documentation and had perverse incentives, as the utility had no stake in approving claims once customers had already purchased EVs. The vendor responded quickly to fix the reported vulnerabilities within 24 hours.

Eversource EV Rebate Program Exposed Massachusetts Customer Data

Why is this rebate process so complicated? 🔗︎

We need your charger’s MAC address 🔗︎

The perverse incentives of Eversource’s EV rebate program 🔗︎

Eversource leaking customer records 🔗︎

What if a malicious user changes my application? 🔗︎

What Massachusetts residents can do 🔗︎