# Arrays in JSON

1. When sending JSON data, try to send multiple values in list. Seen two instances on twitter:

* Person was able to bypass OTP verification by sending all otps in list.

 e.g {"otp":\[1223,1224,1225...]}

* Person was able to takeover account by trying same password on multiple email address hoping one of them uses this weak password.

e.g {"email":\["first2g.com","<second@g.com>",...], "password":"insecure"}