Sebastian Stoll

@GenevaInvestor @nic_amadio People from *Albania, Andorra, Belarus, Iceland, Liechtenstein, Moldova, Monaco, Montenegro, North Macedonia, Norway, San Marino, Serbia, Switzerland, Ukraine, and UK* finding out they're not European

@nic_amadio Yes

Here's another Europoor making €1.2M a year at 35 👇 Working as a senior staff eng in Zurich big tech.

@NevenMCE first make sure this doesn't happen every month lol

19 years old, €25K on the account. What would you do in my position?

@ParasMadan9 @hridaykadam lmao truuue

@hridaykadam Aviato reminds me of Silicon Valley from HBO

bro is 18 btw

.@conductor_build + @charlieholtz It'd be amazing if you displayed the base + head branch I hate leaving Conductor, but I find myself verifying base + head branch every time I'm about to merge the PR

@mynameisyahia Another website uses the same pills. Borderline fraudster behaviour.

@mynameisyahia This has to be ragebait lmao They also have "Validated by Cloudflare", I assume that must be the DNS proxy? 😂

Yeah... Um.... don't do this

@AlexBarnicoat_ @DailyLoud Europe is on fire my guy

@DailyLoud What is happening to the UK? Why is everyone swinging at everyone.

Wild fight breaks out in the United Kingdom after a man gets sucker punched 👀

The thing I hate crypto the most is that a lot of people (knowingly) buy in on scams. Because it's just a game of getting out just in time before the train derails.

@xlab_os Well .. welcome to earth, where not everyone "work serious work for OTA" and learn what you did in 2016 lol 🤷‍♂️

@SebastianStoll0 Anyone who work any serious work for OTA knows this. I've learned in 2016, and back then lots of hotels and hotel chains demanded full card details. People don't realize how MANUAL this process is in remote locations around the globe.

UPDATE Likely not a exploit Booking-com allows hotels/airlines retrieve the raw card details "as supplied by the guest" ⚠️‼️ (Only PCI compliant partners, I suppose) So .. in other words: The security of your CC details don't stop at Booking, the data may be forwarded to the hotel/airline.. Use virtual credit cards with spending limits, NOT your main bank-issues credit card Source: Their developer docs (Reservations API => "Retrieving new reservations")

@miguemely101 I'd assume the verification step is a PCI compliance check/verification

@SebastianStoll0 Holy shit... I hate to be wrong here.... partner.booking.com/en-us/help/pol… Although they say "New partners may have temporary restrictions. Your property may need to be further verified before you can access card details for prepayments.", I wonder what the verification step is like.

Source: #booker-details" target="_blank" rel="nofollow noopener">developers.booking.com/connectivity/d…

@miguemely101 Well .. the response partners (hotels, airlines etc.) get includes a "Booker detail" object, which contains CC details **"as supplied by the guest"** So, no, it's not a generated VCC #booker-details" target="_blank" rel="nofollow noopener">developers.booking.com/connectivity/d…

@SebastianStoll0 Ok I just looked at the API docs you referenced For context for everyone reading this after the fact: developers.booking.com/connectivity/d… If you go through the XML response, it shows it’s a generated VCC (Virtual Credit Card). So I bet you it wasn’t the hotel.

@miguemely101 No, they send it as supplied by the guest Check their partner developer documentation

@SebastianStoll0 Wait what? They send credit card data but it’s not yours, it’s a virtual credit card they provide to hotels that isn’t tied to you short of that VCC being tied to the reservation.

@plbiojout I hate the "while you sleep" so much, but it works, ig Well done!

I hit $1M ARR in 55 days. No French founder has ever done it faster. With $0 in paid acquisition. Here's how I count ARR: zero trials. Zero "signed LOIs." Zero projection tricks. I take active, billing subscriptions in Stripe and multiply by 12. The number on my Stripe dashboard. For scale, days from $0 to $1M ARR for French-founded startups: @NanoCorpHQ : 55 @polsia : 80 @submagic_co : 90 Speel: ~90 Gojiberry AI by @romanbuildsaas: ~270 @lemlist : ~700 How I did it: I obsess over one thing. My users actually launching companies that work. Not signups. Not demos. Not vanity dashboards. Real companies making real money, built by people who had the idea but never the means to ship it. Now they do. When your users win that hard, growth stops being a marketing problem. You can launch yours in one prompt: nanocorp .so

@bookingcom x.com/SebastianStoll…

.@bookingcom A virtual card I’ve literally only ever used with you, have had a manual entry payment attempt this morning, from an authorized party Have you experienced a security breach you haven’t properly informed us about?

@finelylesberg @bookingcom That probably sounded cooler in your head, but yeah .. I guess :)

@SebastianStoll0 @bookingcom girl your card can be compromised like a million different ways

@lesbianwooper It's a flight ticket, I'd expect those companies to be more careful than random hotels..

@godthrewthedice @bookingcom I'm literally asking, assuming the bare minimum lmao But appreciate your productive contributions

@SebastianStoll0 @bookingcom Some websites don't even require a CVV, and sometimes cards are issued in batches for the expiry date. We don't know if it was done correctly or not. You're assuming too much.

@godthrewthedice @bookingcom I don't, how do you expect me to know? 😂 That's why I asked Booking Seems quite unlikely that someone would guess the full card number + expiry date + CVV

@SebastianStoll0 @bookingcom How do you know how weren't the victim of a bin attack