I flagged a major Data Protection breach but still feel uneasy


Comments

  • baza52
    Yes, seriously.

    Just because you can't comprehend something, doesn't mean that it isn't possible.

    So the estranged father does not know where his kids or ex lives but has luckily got hold of the subscription ID for a kids magazine subscription.
    Then, through some sheer stroke of luck hears about a website with data protection problems and it magically fits the ID he kept just in case it would come in handy one day.
    He uses the ID and finds the address of his ex and kids and runs round there to terrorise his ex.

    On the way round in his haste he accidentally runs a Nun over on her way to church who is carrying a basket of kittens.
  • powerful_Rogue
    LauraFox wrote: »

    I do not exactly have plenty of free time to kill, but I kept changing only 3 digits of my own subscriber ID number and within 20 minutes I had accessed 10 different accounts of people all over the UK, including a school. I could see full names, addresses, emails, what subscription they have and when it's due for renewal. :eek::eek::eek:


    "I am not a hacker,

    I think you'll find you were when you tried to access others' accounts!
  • LauraFox
    baza52 wrote: »
    So the estranged father does not know where his kids or ex lives but has luckily got hold of the subscription ID for a kids magazine subscription.
    Then, through some sheer stroke of luck hears about a website with data protection problems and it magically fits the ID he kept just in case it would come in handy one day.
    He uses the ID and finds the address of his ex and kids and runs round there to terrorise his ex.

    On the way round in his haste he accidentally runs a Nun over on her way to church who is carrying a basket of kittens.

    Clearly, you are not a woman and you have never been in an abusive relationship. Lucky you.
  • LauraFox
    I think you'll find you were when you tried to access others' accounts!

    Sorry to see you are the only one in here who didn't get this, but I'll explain to you. I accessed other accounts only enough times so as to prove a point, I wrote down names and cities and listed them in my letter so that the company would see it as evidence of the vulnerability.
  • LauraFox
    photome wrote: »
    You did a good job in highlighting their shortcomings and they responded quickly, so top marks to them.

    Just a shame you then mentioned a freebie

    I regret that, too. It wasn't my idea but I do feel bad for having considered it. I never in my life ask for anything for free so I'd never have the audacity to pursue it, it is one of these things where you sense something is wrong but someone encourages you otherwise. It hurts I gave a bad impression of myself here but I appreciate the lesson.

    I've sent an email thanking them for resolving this quickly and I am content with the fact they'll be more careful in the future.

    Thank you for all the comments.
  • baza52
    LauraFox wrote: »
    Clearly, you are not a woman and you have never been in an abusive relationship. Lucky you.

    I'm more worried about the poor Nun and the kittens.
  • LilElvis
    LauraFox wrote: »
    Sorry to see you are the only one in here who didn't get this, but I'll explain to you. I accessed other accounts only enough times so as to prove a point, I wrote down names and cities and listed them in my letter so that the company would see it as evidence of the vulnerability.

    I think that's one of the reasons that "real" hackers have given - and it hasn't stopped them from being arrested and, in some cases, facing the possibility of extradition to the USA and a lengthy prison sentence.

    You didn't need to play games and look up other people's details - you just needed to tell them that an unscrupulous person could easily use your method to do so.
  • stuartJo1989
    baza52 wrote: »
    So the estranged father does not know where his kids or ex lives but has luckily got hold of the subscription ID for a kids magazine subscription.

    Well, I didn't say "estranged father" but we can roll with that if you want to...

    An "estranged father" may have been in the child's life at some point, and even collaborated with the mum to get this subscription (in her name). ERGO, he may have paperwork knocking around which has the subscription ID on it (but with an old address for the mum).
    Then, through some sheer stroke of luck hears about a website with data protection problems

    Well, there would be a luck element to it in that the "estranged father" would likely go on the site to see if the subscription is still active etc, not strictly because he found out about the DPA breach. So I agree with you there.
    and it magically fits the ID he kept just in case it would come in handy one day.

    I don't think someone would keep it on purpose, but upon seeing the flaw they would, if motivated to do so, dig around for the relevant paperwork which they may have by pure chance.
    He uses the ID and finds the address of his ex and kids and runs round there to terrorise his ex.

    Aye, it could happen.
    On the way round in his haste he accidentally runs a Nun over on her way to church who is carrying a basket of kittens.

    I don't think that would happen.


    But in conclusion, I wasn't even arguing with the person I quoted! I was just pointing out that there are very limited circumstances whereby a DPA breach would cause some issues (+ gave an example). 99/100 times it isn't an issue, but I wanted to highlight a possible 1/100 scenario.

    I'm sorry if you can't comprehend that. If you come back with a defensive post then I'll just assume that the concept is beyond you.
  • baza52
    So to sum up here,
    OP has accessed 10 people's private data and now the company will more than likely have to inform those 10 people that their account info was compromised.
    Think of the stress those 10 people (possible single parent females) will now face.
  • IAmWales
    LauraFox wrote: »
    Sorry to see you are the only one in here who didn't get this, but I'll explain to you. I accessed other accounts only enough times so as to prove a point, I wrote down names and cities and listed them in my letter so that the company would see it as evidence of the vulnerability.

    What part of that does not fulfil the definition of a hacker? :p
This discussion has been closed.