Originally Posted by
rrgg
This is 100% speculation, but is it possible there's not an actual security issue? What I mean is whatever code was added to perform these merges also includes something to detect multiple merges.
Here's my speculation. What if the code added to perform the merges contained a major security vulnerability? For example, something that allowed an attacker to feed in random AAdvantage numbers and get back some information of value about them?