/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F863945%2F5532b738-8e31-49e5-a04c-6da8b3219400.jpg)
Card Factory, a popular UK-based greeting card business, stores some of its customers’ data in an insecure way, letting anyone access their photos with an incredibly simple URL trick.
The site was notified about the issue on October 8 and hasn’t fixed it or alerted its customers about it in a week, Mashable has learned.
Iain Row, a website developer from Milton Keynes, told Mashable about the issue, which he’d discovered when he was buying a birthday card for his brother. He’d noticed that the location of the uploaded photo was stored in an insecure way, letting anyone access any other user’s photo as well. Read more…
More about Security, Security Flaw, Card Factory, Private Data Exposed, and Tech