I live in Barcelona and I spend a lot of time walking around the Port Vell marina. It started as a way to unwind, but eventually the ships took hold of me. What are they carrying? Where are they going? I started using MarineTraffic obsessively.
That curiosity was actually what sparked YPSILON, my first serious piece of software: a yacht recommendation system I built as a student after one of those marina walks. MarineTraffic was a key reference throughout that project, and at some point I went from using the website to poking at the API.
That is when I found something I was not supposed to find.
MarineTraffic sells API access at different subscription tiers, with paid plans unlocking richer tracking data. I was on a free account and making requests to compare what different endpoints returned. One of them was returning data that, according to their documentation, should have been restricted to paid subscribers.
I reproduced it a few times to make sure I was not misreading the response. I was not. The paywall existed on the surface but the API itself had no subscription validation. Anyone with a free account and a bit of curiosity could access paid data just by knowing which endpoint to call.
I reported it. Not through a generic contact form but by finding the right person to talk to. I ended up in a conversation with their Head of Engineering, which felt surreal for a student who had only recently figured out how any of this worked.
They fixed it. And then they offered me an internship.
I did not take it. I had other plans. But I kept the story.
MarineTraffic has since been acquired by Kpler.