Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

Forums2degreesEmail about final bill for on account.


8806 posts

Uber Geek

Trusted
Subscriber
Topic # 107762 19-Aug-2012 16:00 Send private message

Got an email from 2deg about my overdue final bill (finally)

Anyway, at the top is a link for Having trouble viewing this email? View it online.

When I click that link I get someone elses final bill amount and name and account number etc.


Bit of a big damn oops there from 2degrees about customer privacy etc. Edit to remove the hyperlink. Also its not provided over https so yet another fail security wise.




Richard rich.ms

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2Next
4241 posts

Uber Geek
  Reply # 674262 19-Aug-2012 16:07 Send private message

Is it a privacy beach though? I have been emailed other customer receipts before, and never thought this was a privacy breach. I would have just thought it was an error. I guess it depends on what sort of information is disclosed. But someone else name and address, which maybe publicly available anyway in the phone book may not be a privacy breach.



8806 posts

Uber Geek

Trusted
Subscriber
  Reply # 674282 19-Aug-2012 16:35 Send private message

Tell that to ACC ;)




Richard rich.ms

134 posts

Master Geek
  Reply # 674284 19-Aug-2012 16:38 Send private message

mattwnz:
richms: Got an email from 2deg about my overdue final bill (finally)

Anyway, at the top is a link for Having trouble viewing this email? View it online.

When I click that link I get someone elses final bill amount and name and account number etc.


Bit of a big damn oops there from 2degrees about customer privacy etc. Edit to remove the hyperlink. Also its not provided over https so yet another fail security wise.


Is it a privacy beach though? I have been emailed other customer receipts before, and never thought this was a privacy breach. I would have just thought it was an error.


I hate private beaches

z2k

195 posts

Master Geek

Trusted
  Reply # 674288 19-Aug-2012 16:57 Send private message

Hi Richms, this is really concerning. If you pm me the URL you got and your phone number I'll investigate and find out how this happened.

BDFL
43665 posts

Uber Geek

Administrator
Trusted
Geekzone
Subscriber
  Reply # 674308 19-Aug-2012 17:32 Send private message

mattwnz: Is it a privacy beach though?


Yes, it is. Intentional or not, it is.






Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blogtechnology disclosure, my tweets, Web Performance Optimization

Geekzone Price comparison | Amazon Kindle order page | How to get the best out of Geekzone | New Zealand IT Jobs | Geekzone News | Jinglebugs 

657 posts

Ultimate Geek

Trusted
2degrees
  Reply # 674481 20-Aug-2012 11:49 Send private message

Hi Rich

Please PM your # and acct # so we can look into this ASAP.

Cheers
^POB



8806 posts

Uber Geek

Trusted
Subscriber
  Reply # 674497 20-Aug-2012 12:09 Send private message

Already PMed to z2k earlier. Not read yet so sending to 2degrees too.




Richard rich.ms



8806 posts

Uber Geek

Trusted
Subscriber
  Reply # 674747 20-Aug-2012 19:36 Send private message

....so... what happened? who cocked up to let this multi step failure of privacy happen?




Richard rich.ms

z2k

195 posts

Master Geek

Trusted
  Reply # 674780 20-Aug-2012 20:23 Send private message

richms: ....so... what happened? who cocked up to let this multi step failure of privacy happen?


POB is checking with the team that looks after these emails, will update when there is more information.

z2k

195 posts

Master Geek

Trusted
  Reply # 675897 23-Aug-2012 12:49 Send private message

Just an update, it looks like it was an issue with the email template used which has now been corrected.

4241 posts

Uber Geek
  Reply # 675903 23-Aug-2012 12:56 Send private message

There was a similar story on fair go last night, where someone was sent someone else details.

3602 posts

Uber Geek
  Reply # 675919 23-Aug-2012 13:25 Send private message

isn't this similar to an issue that 2D had a while back, where customers found somebody else's details filled in when they went to log into the 2Degrees website?



8806 posts

Uber Geek

Trusted
Subscriber
  Reply # 676008 23-Aug-2012 16:16 Send private message

Will that correct that my details are on a non ssl server with no authentication or just that I see someone elses details on the link?




Richard rich.ms

190 posts

Master Geek
  Reply # 676024 23-Aug-2012 16:46 Send private message

I've had a "privacy breach" with Pizza Hut one time. I logged in to order myself a pizza and it said "Welcome Hamish". I had somehow logged in as a Hamish and could see his personal details and preferred pick-up store.

By the way, my name isn't Hamish. Just saying that all systems out there have issues occasionally.

271 posts

Ultimate Geek
  Reply # 676025 23-Aug-2012 16:46 Send private message

richms: Will that correct that my details are on a non ssl server with no authentication or just that I see someone elses details on the link?


The non SSL part might just be routing, I would imagine it is very much protected.




"The Atlantis base, brings greetings from the pegasus galaxy, you may cut power to the gate!."- Dr Weir (Rising) New Zealand · http://www.chevronx.com · http://www.incinerate.co.nz

 1 | 2Next
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when new jobs are posted to our jobs board:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »
Android and iOS combine for 92.3% of all smartphone OS shipment in the first 2013 quarter
Posted 17-May-2013 08:38

Apple’s App Store marks 50 billionth download
Posted 17-May-2013 08:25

Gen-i divests Davanti Consulting through management buyout
Posted 16-May-2013 14:02

Huawei G510 bring big-screen mobile entertainment for Android users
Posted 16-May-2013 11:49

BlackBerry BBM goes multiplatform: iOS and Android versions
Posted 15-May-2013 11:28

BlackBerry introduces BlackBerry 10 QWERTY smartphone
Posted 15-May-2013 09:32


Trending now »
Hot discussions in our forums right now:

A reason not to shop at dick smith
Created by dsnz1, last reply by AKLWestie on 17-May-2013 22:45 (82 replies)
Pages... 4 5 6

A new project coming to Geekzone
Created by freitasm, last reply by plambrechtsen on 19-May-2013 21:49 (199 replies)
Pages... 12 13 14

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by Finch on 19-May-2013 22:02 (1441 replies)
Pages... 95 96 97

Track my Phone, Car, how to best do it in .nz?
Created by DonGould, last reply by sonyxperiageek on 19-May-2013 22:24 (15 replies)

Sitting on a boring conference call
Created by SaltyNZ, last reply by SepticSceptic on 17-May-2013 16:52 (14 replies)

Samsung Galaxy SIII Discussion and Owners Thread
Created by networkn, last reply by Johnk on 19-May-2013 16:32 (5523 replies)
Pages... 367 368 369

Chorus is cutting the cost of VDSL to service providers from June 7
Created by maxzzz, last reply by Zeon on 19-May-2013 19:40 (46 replies)
Pages... 2 3 4

Office 365 service outage 2013-05-18
Created by freitasm, last reply by nitrotech on 19-May-2013 18:58 (18 replies)
Pages... 2


Geekzone Jobs »
Most recent NZ jobs in technology:

Exciting Intern Opportunity
Posted 19-May-2013 20:27

Business Analyst
Posted 19-May-2013 18:27

Senior Business Analyst
Posted 19-May-2013 18:27

Senior Business Analyst
Posted 19-May-2013 18:27

Project Coordinator, Reputable Company, Career Pro
Posted 19-May-2013 18:27

Change Manager - Large Financial Services Organiza
Posted 19-May-2013 18:27

Software Developer - Join a market leading company
Posted 19-May-2013 18:27


Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »
Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.