On the Site of La Poste, a Bug Allows Access to the Account of Other Customers

Maj. June 22, 2019 at 1:39 pm

A security flaw allegedly related to the management of cookies has allowed users of the La Poste site to access the content and personal data of other customers. It was even possible to change account information and preferences. The Post Office has publicly acknowledged the problem and apologized.

A major security breach on the La Poste site was detected by users on 20 June 2019. As Zataz reports, some of them, when trying to access their own account, ended up on other clients’ accounts, sometimes being able to access personal data such as delivery addresses, orders, and even my messages. It was even possible to change the information in these accounts.

Data leakage at the Swiss Post site

“When I connect I am called Madeleine, if I update I am Samy… and when I upload a mail and ask for the preview, I can read the one (rather confidential: the son is refused at the agricultural college) of Myriam”, alerts a surfer on Twitter. Several similar testimonials were published on the social network during the morning.

Read also: Hackers hack into a Post Office advertising agency, credit card numbers compromised…

The Post Office acknowledged the problem, but did not give more details to understand what might have happened. “The incident is resolved”, simply communicated the group, apologizing in passing. For Zataz, the bug comes from a vulnerability in the management of cookies by the page. The site also reminds us that such a security breach falls under the scope of the GDR.

Source : Zataz





You May Also Like