• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Would this be considered a web security "breach"?

B

Bumrush99

Diamond Member
So, I placed and account yesterday on letstalk.com for a new cellphone and service. Get a call from their credit department verifying some info because they have strict policies in place regarding fraud and identity theft.

Anyways, I log in today to check status on the order and when I click the order link, I get over 100 other order numbers that are not related to mine with status.. The info is not accessible, but it is still worrisome.

Do you guys think this is a security issue or a simple problem with their database? I would hate to think their website has that many security issues especially after entering my social security number and CC..

Link
 
Ya, that's a pretty big security breach. I'd get a hold of the company to report it, then get a hold of News.com to get a story out of it.
 
I called the company and tried to speak to a supervisor or the web security team and nobody was of assistance. They actually referred me to the privacy and security link on the website!
 
why are you using a 3rd party like letstalk.com and not dealing directly with the cell phone provider?

anyway, many many companies put security so far down on priorities as for it to not exist as a concern. this shouldn't surprise you at all
 
Originally posted by: Bumrush99
I called the company and tried to speak to a supervisor or the web security team and nobody was of assistance. They actually referred me to the privacy and security link on the website!
Click to expand...
Well then take some more screenshots, go in to one of the orders and see if you can see someone else's personal info(to make sure they're actually exposing personal information), then give all the dirt to News.com. It's a bit of a dirty tactic, but I'm sure they'll clean their site up if they're busted for it. You'll also want to follow acemcmac's CC advice.
 
DOH!! I'm normally very in tune with these types of things, but it looks like I royally messed up with this company. I'm a dumb ass for trusting google links without doing more research
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top