Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.



10851 posts

Uber Geek
+1 received by user: 436

Trusted
Subscriber

Topic # 107762 19-Aug-2012 16:00 Send private message

Got an email from 2deg about my overdue final bill (finally)

Anyway, at the top is a link for Having trouble viewing this email? View it online.

When I click that link I get someone elses final bill amount and name and account number etc.


Bit of a big damn oops there from 2degrees about customer privacy etc. Edit to remove the hyperlink. Also its not provided over https so yet another fail security wise.




Richard rich.ms

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
6983 posts

Uber Geek
+1 received by user: 338


  Reply # 674262 19-Aug-2012 16:07 Send private message

Is it a privacy beach though? I have been emailed other customer receipts before, and never thought this was a privacy breach. I would have just thought it was an error. I guess it depends on what sort of information is disclosed. But someone else name and address, which maybe publicly available anyway in the phone book may not be a privacy breach.



10851 posts

Uber Geek
+1 received by user: 436

Trusted
Subscriber

  Reply # 674282 19-Aug-2012 16:35 Send private message

Tell that to ACC ;)




Richard rich.ms

135 posts

Master Geek


  Reply # 674284 19-Aug-2012 16:38 Send private message

mattwnz:
richms: Got an email from 2deg about my overdue final bill (finally)

Anyway, at the top is a link for Having trouble viewing this email? View it online.

When I click that link I get someone elses final bill amount and name and account number etc.


Bit of a big damn oops there from 2degrees about customer privacy etc. Edit to remove the hyperlink. Also its not provided over https so yet another fail security wise.


Is it a privacy beach though? I have been emailed other customer receipts before, and never thought this was a privacy breach. I would have just thought it was an error.


I hate private beaches

z2k

218 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 674288 19-Aug-2012 16:57 Send private message

Hi Richms, this is really concerning. If you pm me the URL you got and your phone number I'll investigate and find out how this happened.

BDFL
49440 posts

Uber Geek
+1 received by user: 4348

Administrator
Trusted
Geekzone
Subscriber

  Reply # 674308 19-Aug-2012 17:32 Send private message

mattwnz: Is it a privacy beach though?


Yes, it is. Intentional or not, it is.





889 posts

Ultimate Geek
+1 received by user: 33

Trusted
2degrees

  Reply # 674481 20-Aug-2012 11:49 Send private message

Hi Rich

Please PM your # and acct # so we can look into this ASAP.

Cheers
^POB



10851 posts

Uber Geek
+1 received by user: 436

Trusted
Subscriber

  Reply # 674497 20-Aug-2012 12:09 Send private message

Already PMed to z2k earlier. Not read yet so sending to 2degrees too.




Richard rich.ms



10851 posts

Uber Geek
+1 received by user: 436

Trusted
Subscriber

  Reply # 674747 20-Aug-2012 19:36 Send private message

....so... what happened? who cocked up to let this multi step failure of privacy happen?




Richard rich.ms

z2k

218 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 674780 20-Aug-2012 20:23 Send private message

richms: ....so... what happened? who cocked up to let this multi step failure of privacy happen?


POB is checking with the team that looks after these emails, will update when there is more information.

z2k

218 posts

Master Geek
+1 received by user: 1

Trusted

  Reply # 675897 23-Aug-2012 12:49 Send private message

Just an update, it looks like it was an issue with the email template used which has now been corrected.

6983 posts

Uber Geek
+1 received by user: 338


  Reply # 675903 23-Aug-2012 12:56 Send private message

There was a similar story on fair go last night, where someone was sent someone else details.

5154 posts

Uber Geek
+1 received by user: 739


  Reply # 675919 23-Aug-2012 13:25 Send private message

isn't this similar to an issue that 2D had a while back, where customers found somebody else's details filled in when they went to log into the 2Degrees website?



10851 posts

Uber Geek
+1 received by user: 436

Trusted
Subscriber

  Reply # 676008 23-Aug-2012 16:16 Send private message

Will that correct that my details are on a non ssl server with no authentication or just that I see someone elses details on the link?




Richard rich.ms

224 posts

Master Geek
+1 received by user: 6


  Reply # 676024 23-Aug-2012 16:46 Send private message

I've had a "privacy breach" with Pizza Hut one time. I logged in to order myself a pizza and it said "Welcome Hamish". I had somehow logged in as a Hamish and could see his personal details and preferred pick-up store.

By the way, my name isn't Hamish. Just saying that all systems out there have issues occasionally.

272 posts

Ultimate Geek


  Reply # 676025 23-Aug-2012 16:46 Send private message

richms: Will that correct that my details are on a non ssl server with no authentication or just that I see someone elses details on the link?


The non SSL part might just be routing, I would imagine it is very much protected.




"The Atlantis base, brings greetings from the pegasus galaxy, you may cut power to the gate!."- Dr Weir (Rising) New Zealand · TechRemedy

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic




Twitter »
Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:




News »
Westpac signs five year agreement with IBM
Posted 22-Aug-2014 12:00


Dunedin as an innovation hub
Posted 22-Aug-2014 09:06


When venture capital hurts start-ups
Posted 21-Aug-2014 19:54


Long wait for ARM servers
Posted 21-Aug-2014 19:35


Firefox now or no choice later
Posted 21-Aug-2014 08:41


New Zealand’s Fastest ISPs 2014
Posted 20-Aug-2014 16:27



Trending now »
Hot discussions in our forums right now:

Vodafone TV multicast settings on pfSense?
Created by kenkeniff, last reply by TimA on 21-Aug-2014 19:35 (90 replies)
Pages... 4 5 6


CGA. Is it fair?
Created by BTR, last reply by bazzer on 22-Aug-2014 11:02 (86 replies)
Pages... 4 5 6


UFB provider comparison
Created by Rappelle, last reply by dcole13 on 21-Aug-2014 20:43 (23 replies)
Pages... 2


Lightbox press event release
Created by freitasm, last reply by reven on 22-Aug-2014 11:20 (467 replies)
Pages... 30 31 32


Free: Smart Button for your Android device
Created by freitasm, last reply by wasabi2k on 22-Aug-2014 11:15 (99 replies)
Pages... 5 6 7


It was hardly 'hacking' was it?
Created by CB_24, last reply by gzt on 21-Aug-2014 22:26 (97 replies)
Pages... 5 6 7


How to refresh WinXP
Created by Rickles, last reply by allan on 20-Aug-2014 14:25 (19 replies)
Pages... 2


Vodafone now charging you to receive a bill via post
Created by stocksp, last reply by johnr on 22-Aug-2014 10:03 (82 replies)
Pages... 4 5 6



Geekzone Live »
Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.