Is this a recent development? also any clue what the loopholes are? id like to make sure my client isn't vulnerable