Mighty Ape website logging me in as different users

Forums › Off topic › Mighty Ape website logging me in as different users

1 | 2 | 3 | 4 | 5

BDFL - Memuneh
79310 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3376385 24-May-2025 14:46

They have a different concept of "breach" and "compromise".

If someone saw another person's details - that's a privacy breach.

If someone could place an order using credit card data stored - that's a compromise.

Anything else is just doublespeak.

michaelmurfy

meow
13266 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#3376386 24-May-2025 14:48

“No credit card details were compromised” and yet I could see the first and last digits of somebody’s credit card and could potentially use this to make online purchases using the website…

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

boosacnoodle

963 posts

Ultimate Geek

#3376388 24-May-2025 14:58

michaelmurfy:

“No credit card details were compromised” and yet I could see the first and last digits of somebody’s credit card and could potentially use this to make online purchases using the website…

I could too, and they’ve turned comments off. Seriously disappointing and a misleading response, at best.

heavenlywild

5063 posts

Uber Geek

Trusted

#3376389 24-May-2025 15:10

I think since Kogan bought MA it was the beginning of the end.

I believe they won't be around on 5 years time unless Kogan sells it to someone more competent.

I bought plenty of stuff from them before. Now? Nothing for over a year. Stuff is either expensive or hard to find on their site.

networkn

Networkn
32359 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3376421 24-May-2025 17:52

No credit card details were compromised? Umm what?

This is an awful handling of the situation. I was happy to give them the benefit of the doubt, because it takes time to determine the cause of a problem, fix it, determine the scope and come up with a plan, though some acknowledgement would have been reasonable much earlier.

Something along the lines of..

'We are investigating reports that some users may have been able to see the account details of other accounts. We are actively working urgently to determine the cause, fix the problem, and will report as soon as we can on this issue'.

'We have identified the cause of the issue that allowed some users to see the details of others accounts, and have remediated the issue. This was a technical issue, not a malicious security breach. We are now working to confirm the scope of the issue and will report back'

'We have confirmed the scope of the issue. We will be reaching out to all customers impacted, directly via email in the next 24 hours. We are confident this issue was not a malicious act, and have put measures in place to ensure this never happens again. A full incident report will be released within 5 days'.

networkn

Networkn
32359 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3376422 24-May-2025 17:54

heavenlywild:

I think since Kogan bought MA it was the beginning of the end.

I believe they won't be around on 5 years time unless Kogan sells it to someone more competent.

I bought plenty of stuff from them before. Now? Nothing for over a year. Stuff is either expensive or hard to find on their site.

I disagree entirely. I have found things are much the same. The new website was a pretty big screw up, but I have found the range of items they carry and the price of them to be pretty good. I have had reason to interact with their customer service team 4 times in the last 12 months, twice with issues I was the cause of, and in every case they exceeded my expectation.

networkn

Networkn
32359 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#3376423 24-May-2025 17:56

freitasm:

They have a different concept of "breach" and "compromise".

If someone saw another person's details - that's a privacy breach.

If someone could place an order using credit card data stored - that's a compromise.

Anything else is just doublespeak.

I am inclined to lean to ignorance rather than deliberate misleading, though I could be wrong. It's a very poorly worded statement though, and I can understand why people might feel it's all intentional.

Mistakes happen, the world is still run by humans, but communications is all important at a time like this. I always drill my team that technical excellence is desireable, but communicaton excellence is mandatory.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

Goosey

2834 posts

Uber Geek

Subscriber

#3376645 26-May-2025 06:50

Surprised nobody has said something about monkeys and peanuts 🤭

xpd

Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#3376648 26-May-2025 07:15

Goosey:

Surprised nobody has said something about monkeys and peanuts 🤭

Circus.

'nuff said.

Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

LinkTree

boosacnoodle

963 posts

Ultimate Geek

#3377716 28-May-2025 16:16

Has anyone here been contacted yet? I have not heard anything.

kiwiharry

1030 posts

Uber Geek

ID Verified

Subscriber

#3377979 29-May-2025 10:32

Privacy Commissioner looking into the Mighty Ape glitch

https://www.stuff.co.nz/nz-news/360703912/privacy-commissioner-looking-mighty-ape-glitch

If you can't laugh at yourself then you probably shouldn't laugh at others.

taneb1

518 posts

Ultimate Geek

ID Verified

Trusted

Mercury

#3378220 30-May-2025 08:20

Just got the email confirming I was impacted as part of the breach, with a $50 we're sorry credit applied to my account.

Any comments made are my personal views and does not represent those of my employer

RunningMan

8961 posts

Uber Geek

#3378226 30-May-2025 08:46

The repeated insistence with each communication that credit card details were not compromised when the OP says they could see those details right there in the original report is concerning.

That email should be more upfront and say that home address, order history and email address were visible to one or more other users.

MaxineN

Max
1774 posts

Uber Geek

ID Verified

Trusted

Subscriber

#3378230 30-May-2025 09:15

taneb1:

Just got the email confirming I was impacted as part of the breach, with a $50 we're sorry credit applied to my account.

Um LOL?

Everyone's account was potentially exposed, with card and address details. What kind of crap response is this?

Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.

richms

28198 posts

Uber Geek

Trusted

Lifetime subscriber

#3378236 30-May-2025 09:51

If its session swapping then they know which sessions were accessed during the time that there was the issues happening. Simple log analysis will show all accessed profiles to know who to email.

Richard rich.ms

1 | 2 | 3 | 4 | 5