An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.