Just wondering if anybody knew any info on this. It seems like a client got attacked by a bot and sent many $0 authorizations. How could this happen, does that person need to know the API key to make external API calls? Is that person using a session or token? A little mind boggled right now on how they'd be able to do that.
