> The troubling thing here is how the security underpinnings of an entire platform like Parler can be screwed over by a third-party SaaS provider.
News flash: Twilio doesn't control who gets in, just instead of returning ack/nack, they simply were unavailable.
The onus of what to do in this case is entirely on Parler who foolishly decided to default to fail-open (presumably because Twilio being down might impact their bottom line or adoption).
If that's a "real issue" then blame the ones who implemented this service for Parler.
So basically, "I'm unable to verify that you are the owner of this e-mail address now due to the third-party verification platform being unavailable. So, just, here you go, proceed to resetting the password, whoever you are ..."
Could that just be an integration bug? Things failed open because someone didn't code, or else test, that case?
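
Added example, not part of the thread and not Parler's or Twilio's code: a sketch of the untested outage path discussed above, next to a fail-closed version that treats "provider unavailable" as a third state distinct from ack and nack. Every name here (`StubProvider`, `verify`, `allow_reset_*`) is hypothetical and the provider is a constructed stub.

```python
"""Fail-open vs fail-closed handling of an unavailable verification provider.
All names are hypothetical; the provider is a constructed stub."""
from enum import Enum


class ProviderUnavailable(Exception):
    """Raised by the stub when the verification service cannot be reached."""


class Outcome(Enum):
    VERIFIED = "verified"
    REJECTED = "rejected"
    UNAVAILABLE = "unavailable"


class StubProvider:
    """Constructed stand-in for a third-party code-check API."""

    def __init__(self, valid_code, up=True):
        self.valid_code, self.up = valid_code, up

    def check(self, code):
        if not self.up:
            raise ProviderUnavailable("timeout")
        return code == self.valid_code  # ack / nack


def allow_reset_fail_open(provider, code):
    """The bug pattern: only an explicit nack blocks, so an outage allows."""
    try:
        if provider.check(code) is False:
            return False
    except ProviderUnavailable:
        pass  # outage silently ignored
    return True


def verify(provider, code):
    """Three-state result so an outage can never be mistaken for an ack."""
    try:
        return Outcome.VERIFIED if provider.check(code) is True else Outcome.REJECTED
    except ProviderUnavailable:
        return Outcome.UNAVAILABLE


def allow_reset_fail_closed(provider, code):
    """Only an explicit ack from the provider unlocks the reset."""
    return verify(provider, code) is Outcome.VERIFIED
```

The caller can map `Outcome.UNAVAILABLE` to a "try again later" response, and a test that runs the reset flow with the provider down covers the case raised in the comment above.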