
🎯Basically, a flaw on Express's website let people see other customers' order details.
What Happened
A significant security flaw was discovered on the Express website, allowing unauthorized access to customer order details. This vulnerability exposed sensitive information, including customer names, phone numbers, email addresses, postal addresses, and details of purchased items. Additionally, partial payment card information, such as card type and the last four digits, was also made public.
Who's Affected
The breach impacts numerous customers who placed orders through the Express website. At least a dozen customer orders were found indexed in search engine results, making their details accessible to anyone who searched for them.
What Data Was Exposed
The exposed data includes:
Customer names
Phone numbers
Email addresses
Postal and billing addresses
Details of purchased items
Partial payment card information (card type and last four digits)
This type of data exposure can lead to various risks, including identity theft and phishing attacks.
What You Should Do
If you are a customer of Express, consider taking the following steps:
Containment
1. Monitor your financial statements for any unauthorized transactions.
2. Change your account passwords to enhance security.
Remediation
Express has since patched the vulnerability after being contacted by TechCrunch. It is crucial for organizations to prioritize security to protect customer data and maintain trust.
🔒 Pro insight: The exposure of sensitive data through sequential URL manipulation highlights the need for robust input validation and access controls.
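As an added example (not code from the original article or from Express), here is the order-lookup pattern the insight warns about beside a hardened version that uses unguessable references, an ownership check against the authenticated requester, and no-index headers for the order page; the Order class, the ORDERS store and all function names are constructed assumptions.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

@dataclass
class Order:
    order_id: int       # sequential database id, as in the URLs described above
    customer_id: int    # owner of the order
    items: list
    card_last4: str     # partial card data the page lists as exposed

# Constructed sample store: two customers with consecutive order numbers.
ORDERS = {
    1001: Order(1001, customer_id=7, items=["jacket"], card_last4="4242"),
    1002: Order(1002, customer_id=9, items=["jeans"], card_last4="1111"),
}

def lookup_order_vulnerable(order_id: int) -> Optional[dict]:
    """Trusts the id from the URL alone: incrementing it returns the next
    customer's order, which is the exposure pattern in the insight above."""
    order = ORDERS.get(order_id)
    return None if order is None else vars(order)

# Hardened path: opaque references that cannot be enumerated, plus an
# ownership check tied to the authenticated requester.
REFERENCES: dict = {}   # public reference -> internal order id

def issue_reference(order_id: int) -> str:
    """Mints an unguessable public reference for an order (e.g. for a
    confirmation link) instead of exposing the sequential id."""
    ref = secrets.token_urlsafe(16)
    REFERENCES[ref] = order_id
    return ref

def lookup_order_hardened(requester_id: int, ref: str) -> Optional[dict]:
    """Resolves the reference, then refuses unless the requester owns the
    order. Unknown and not-owned references both yield None so the
    response does not reveal whether the order exists."""
    order_id = REFERENCES.get(ref)
    order = ORDERS.get(order_id) if order_id is not None else None
    if order is None or order.customer_id != requester_id:
        return None
    return {"order_id": order.order_id, "items": order.items,
            "card_last4": order.card_last4}

def order_page_headers() -> dict:
    """Headers for the order page so caches and crawlers do not retain it;
    indexed order pages were how the exposures above were found."""
    return {"Cache-Control": "private, no-store", "X-Robots-Tag": "noindex, nofollow"}
```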