Security Operations, Data Security, Vulnerability Management

Express website vulnerability exposed customer order details


As reported by TechCrunch, fashion retailer Express has addressed a significant security flaw on its website that inadvertently exposed customer order details and personal information to the public.

The vulnerability allowed unauthorized access to order confirmation pages, revealing customer names, phone numbers, email addresses, postal and billing addresses, and details of purchased items. Partial payment card information, including card type and the last four digits, was also exposed. The flaw was discovered by security advocate Rey Bango, who found that by manipulating sequential order numbers in the web address, one could view other customers' order information. At least a dozen customer orders were found listed in search engine results.

Express, now owned by WHP Global, patched the website on Wednesday after being contacted by TechCrunch.
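The class of flaw described above, an order page selected by a sequential number alone, is shown below next to a hardened lookup. This is an added example, not code from Express, TechCrunch or the researcher; the function names, the secret, the sample orders and the choice of an HMAC link token are assumptions made for illustration.

```python
import hashlib
import hmac
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret kept server-side

# Constructed sample orders keyed by sequential order number.
ORDERS = {
    1001: {"email": "alice@example.com", "items": ["jacket"], "card_last4": "4242"},
    1002: {"email": "bob@example.com", "items": ["jeans"], "card_last4": "1881"},
}

# Keep confirmation pages out of search indexes and shared caches.
NO_INDEX = {"X-Robots-Tag": "noindex, nofollow", "Cache-Control": "no-store"}


def confirmation_token(order_id: int) -> str:
    """Unguessable per-order value to embed in the emailed confirmation link."""
    return hmac.new(SECRET, str(order_id).encode(), hashlib.sha256).hexdigest()


def view_order_flawed(order_id: int):
    """Flawed pattern: the order number alone selects the record."""
    order = ORDERS.get(order_id)
    return (200, {}, order) if order else (404, {}, None)


def view_order(order_id: int, token: str = "", session_email: Optional[str] = None):
    """Serve the page only to the signed-in owner or a holder of the order's token."""
    order = ORDERS.get(order_id)
    expected = confirmation_token(order_id)
    # Constant-time comparison so the token cannot be recovered byte by byte.
    token_ok = hmac.compare_digest(token.encode(), expected.encode())
    owner_ok = order is not None and session_email == order["email"]
    if order is None or not (token_ok or owner_ok):
        # Same response for "no such order" and "not yours": no enumeration oracle.
        return 404, NO_INDEX, None
    return 200, NO_INDEX, order
```
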

Source: TechCrunch
