Thailand - IDOR on www.starbuckscardth.in.th: A logged in user could view any Thailand Starbucks card balance if they knew that Starbucks card number

Low
Starbucks

Team Summary

Official summary from Starbucks

nnez discovered that after a successful card balance transfer between two of their own registered Thailand Starbucks cards, they could update the 2nd card number URL parameter to another known Thailand Starbucks card number and view that 2nd card balance. @nnez — thank you for reporting this vulnerability and for confirming the resolution.

Reported by nnez
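
The flaw described in the summary above, as an added example that is not code from Starbucks or from the report: a balance lookup that only requires a logged-in session, beside a version that checks card ownership on the server. The function names, card numbers, users and balances are constructed for illustration.

```python
# Constructed sample data: card numbers, users and balances are invented.
CARDS = {
    "6000000000000001": {"owner": "alice", "balance": 250},
    "6000000000000002": {"owner": "alice", "balance": 100},
    "6000000000000003": {"owner": "bob", "balance": 900},
}
DENIED_LOG = []  # stand-in for a security event log


class NotFound(Exception):
    """Raised for unknown cards and for cards the caller does not own."""


def view_balance_vulnerable(session_user, card_number):
    # Flawed pattern: being logged in is the only check. The card number
    # taken from the URL parameter is used directly as the lookup key.
    if session_user is None:
        raise PermissionError("login required")
    return CARDS[card_number]["balance"]


def view_balance_hardened(session_user, card_number):
    if session_user is None:
        raise PermissionError("login required")
    card = CARDS.get(card_number)
    # Authorize against the session, not the URL: the card must be
    # registered to the caller. "No such card" and "not your card" return
    # the same error so the response does not confirm which numbers exist.
    if card is None or card["owner"] != session_user:
        # Record the denial (last four digits only) so repeated attempts
        # against cards the user does not own can be alerted on.
        DENIED_LOG.append((session_user, card_number[-4:]))
        raise NotFound("card not found")
    return card["balance"]
```
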

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Insecure Direct Object Reference (IDOR)