Baby Clothes Giant Carter’s Leaks 410K Customer Records
#1
Information 
Quote:Baby clothes retailer Carter’s inadvertently exposed the personal data of hundreds of thousands of its customers, dating back years, according to a new disclosure.
 
The issue started with Linc, which is a vendor the company used to automate purchases online, according to analysts with vpnMentor who first discovered the issue. The Linc system was delivering customers shortened URLs with Carter’s purchase and shipping details without basic security protections. The links contained everything from purchase details to tracking information and more.
 
“Furthermore, by modifying the Linc URLs (to which the shortened URLs were redirecting), it was possible to access backend JSON data, which revealed even more personal information about customers that wasn’t exposed by the confirmation pages, such as: Full names delivery addresses and phone numbers,” the report explained.
 
The analysts calculated that more than 410,000 records, and hundreds of thousands of customer records, were exposed in the leak — which they estimated dates as far back as 2015.
 
“Those shortened URLs were easily discoverable to hackers due to a lack of sufficient entropy or compensating security protocols,” the vpnMentor analysts wrote. “Carter’s also put no authentication in place to verify that only the person who’d made the purchase could visit the confirmation page.”
 
Compounding the risk, the researchers found that the links never expired, meaning customers who might have purchased from Carter’s years ago were still potentially in danger.

Read more: Baby Clothes Giant Carter’s Leaks 410K Customer Records | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
Baby Clothes Giant Carter’s Leaks 410K Customer Records - by silversurfer - 12 June 21, 07:18

Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
uBOLite_2024.12.23.23
uBOLite_2024.12.23...harlan4096 — 10:29
You found a seed phrase from someone els...
Scammers have inve...harlan4096 — 09:58
Google files remedies proposal in DOJ's ...
The U.S. Departmen...harlan4096 — 09:48
PowerToys 0.87.1
PowerToys 0.87.1 ...harlan4096 — 09:46
GFYI [Official] EaseUS Christmas 2024 B...
Merry Christmas and ...zevish — 08:07

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>