How to secure legacy ASP.NET MVC against Cross-Site Request Forgery (CSRF) Attacks


 

Cross-Site Request Forgery (CSRF) attacks are widespread, and even some Big Tech companies have suffered from them.

Netflix suffered from CSRF vulnerabilities in 2006: attackers could change login credentials, change the shipping address, and send DVDs to a newly set address. YouTube suffered from CSRF attacks in which an attacker could perform actions of any user. ING Direct Banking has lost money to CSRF attackers who used its web application to make illicit money transfers. McAfee Secure’s vulnerability allowed attackers to change their company system.

How were the attackers able to do this? What were some of the techniques they used?