I've just been doing some catching up and dug up some information regarding AlphaBay's new vendor API. Very useful and innovative feature to be honest, I think other Markets should follow suit as long as they can do so securely, it could definitely help busy vendors with multiple team members.
Anyway, not to throw shade their way after bigging up this new feature, but something like this, which allows you to return data from your account, should be combed with a huge amount of testing, to the point where you know it is 100% secure, absolutely air tight.
Did AlphaBay do this? The answer is no. When they first released the API in April, for the first day, anyone could access all* messages through it.
*to the point of the request limit.
After a fix was issued, it was announced that 1.5% of messages had potentially been accessed. The response also mentioned that the messages in that block were useless regarding refunds, etc. Honestly, that is not the point. I truly believed the admins were competent enough to simply test each parameter of an API that could return such sensitive data. This fuck-up could realistically have caused a lot of damage to some people's lives if there was any personal information involved, which there could have been, they could happily downplay it, unless they want to provide some transparency on this. It just seems like it was brushed under the carpet, and I can't find any mention of it on Reddit, so it was kept as quiet as possible.
This was a seriously dangerous vulnerability that could have put people's freedom on the line, it could possibly be LE that downloaded the messages, we don't know that. To simply say it is now fixed and that it is not an issue is completely unacceptable in my opinion.
Transparency please, more details. Someone page whoever the fuck has infiltrated their ranks because I'm out of the loop.
I am of the opinion that Alpha-Bay is here to stay. For a few different reasons. Firstly, they have been operating for a LONG time, I think longer than any other market. Secondly, they are always adding features that have NEVER been seen on DNM markets before, like the API access, shared access, autoshop, tumbling withdrawals, partial FE, and Multi-sig. Thirdly, I don't see another market coming close to what Alpha-Bay has done in terms of features.
Usually Exit scams include establishing a new market, gaining a following there, and then taking the older market offline and pocketing the coins. So that the new Market now gets a large amount of 'refugee' users. I see no other Market like it that would suffice as a replacement.
Alpha-Bay's Support sucks dick though, especially the good-for-nothing BigMustash (or whatever that fuck's handle is), a good-for-nothing mod who doesn't even read the request and copy-pastes the same exact generic message in all the responses.
ALPHA-BAY should fire that dumb fuck of a mod. Otherwise, I think Alpha-Bay will be around for some time.