I Hacked Monster Energy and You Won’t Believe What They Think You Look Like
The Energy Drink Giant That Forgot to Lock Its Doors As a hacker who likes energy drinks, I decided to check out Monster Energy’s corporate infrastructure. What I found was completely exposed and making terrible security decisions. Monster University: Where Security Goes to Die Monster University (mu.monsterenergy.com) is where Monster employees go to learn about their brand. It’s also where I learned that changing /login to /register in the URL is apparently Monster’s idea of “authentication.” The registration form appeared but wouldn’t submit. So I went straight to the JavaScript to find the actual API endpoint. The API helpfully told me exactly which fields were missing from my registration attempt. Once I called the API directly with the right fields, boom, I was in. Full access to…
