Exclusive: Fashion retailer Express left customers' personal data and order details exposed to the internet

"'When I tried to look up if the order number was a legitimately formatted Express order number using Google, I saw a link to another order and someone else's order information came up!' Bango told TechCrunch."
"Express uses order numbers that are largely sequential, which makes it easy to potentially cycle through thousands of orders by changing the order number in the web address using automated web tools."
"After we contacted Express, the apparel giant fixed the flaw on Wednesday, but would not say if it plans to notify customers of the security lapse."
"'We take the security of our customers very seriously and are committed to protecting their information,' said Express' head of marketing Joe Berean."
Express patched a security flaw that allowed public access to customer order details, including names, addresses, and partial payment information. The flaw was discovered by Rey Bango while investigating a fraudulent purchase. He found that by altering the order number in the web address, anyone could access other customers' information. Express confirmed the issue was resolved but did not disclose plans to notify affected customers. The company is managed by WHP Global and operates numerous stores across the Americas.
Read at TechCrunch