WARNING: Logged in to https://www.postcodelottery.co.uk and discovered a big data breach!

Please be aware if you use Postcode Lottery. It's had a serious problem this morning. I logged in only to find I was logged into someone else's account, where I could read all their personal data. Refreshed the page and another person's details were laid bare.
:mad: angryoldgit

Comments

  • flaneurs_lobster
    flaneurs_lobster Posts: 7,546 Forumite
    Have you told Postcode Lottery?
  • Vitor
    Vitor Posts: 955 Forumite
    That's why it's called a lottery  B)
  • flaneurs_lobster
    flaneurs_lobster Posts: 7,546 Forumite
    Vitor said:
    That's why it's called a lottery  B)
    Might sign up.

    If the bit that pays out money is as generous (and flaky) as the bit that gives away other users' details then it's got to be worth a punt.
  • Same here — I experienced the exact same issue. I called them to report it, but they said they were already aware of the problem. I sent an email first, but there looks to be a 5-day window to reply.

    I could also see another member’s profile details, which is really worrying. I wonder who may have seen my details?

    It sounds like it may be a data protection (GDPR) issue, and I also think they should be contacting all users today to explain what happened and advise us to change our passwords — which I’ve already done just in case.

    Their site is currently locked for log in.
  • victor2
    victor2 Posts: 8,199 Ambassador
    Another hacked system perhaps?
    Either that or somebody really screwed up an "update" to their system. If what's said above is true, it surely must be reported to the ICO.

    I’m a Forum Ambassador and I support the Forum Team on the In My Home MoneySaving, Energy and Techie Stuff boards. If you need any help on these boards, do let me know. Please note that Ambassadors are not moderators. Any posts you spot in breach of the Forum Rules should be reported via the report button, or by emailing forumteam@moneysavingexpert.com. 

    All views are my own and not the official line of MoneySavingExpert.

  • Ergates
    Ergates Posts: 3,201 Forumite
    victor2 said:
    Another hacked system perhaps?
    Either that or somebody really screwed up an "update" to their system. If what's said above is true, it surely must be reported to the ICO.
    More likely to be an internal screwup than a hack.

    Definitely a GDPR breach and definitely needs reporting to the ICO - I expect that's already happened.

    What's interesting/disturbing is that they apparently didn't take the site offline as soon as they initially learned it was happening!
  • DSW45
    DSW45 Posts: 1 Newbie
    Like everyone else, I logged in this morning and was presented with someone else's account containing all their data. I have written to Postcode Lottery to advise that there is a major data protection issue and have asked them what they are doing to resolve it and what actions will need to be taken by individuals to change personal details which have been exposed to third parties. Postcode Lottery should have reported the breach as per the Data Protection Act:
    • Report the breach:
      • If the breach poses a high risk to individuals' rights and freedoms, notify the relevant supervisory authority, such as the ICO, without undue delay, and at the latest within 72 hours of becoming aware of it. 
    • If the risk is high, you must also notify the affected individuals.
  • MouldyOldDough
    MouldyOldDough Posts: 2,831 Forumite
    The site is still up and running with no reports or warnings!

    If I was half as smart as I think I am - I'd be twice as smart as I REALLY am.
  • marcia_
    marcia_ Posts: 3,636 Forumite
    It's showing an application error when I try and log on, so they are working on it.
  • brewerdave
    brewerdave Posts: 8,842 Forumite
    Probably an official hack on behalf of Rachel from Accounts - she is going to tax all those individuals who have enough money to gamble on ... the Postcode Lottery!!!