cyber Breach

Pepperfry

May 11, 2023 1 min read
Pepperfry

On the website of online furniture retailer Pepperfry, a serious security weakness was discovered that might have allowed individuals to sign in to the accounts of other registered customers.

In an exclusive interview with Moneycontrol, the organisation explained that the problem may allow a user to log into the account of another user or even create a brand-new account for any user that doesn't already exist.

The 'Internal Authentication' Application Program Interface (API) on the website, which allowed users to auto-login, contained a bug.

The same API displayed user personal data such as name, address, contact information, etc.

Source: https://www.moneycontrol.com/news/trends/exclusive-security-breach-on-pepperfry-exposes-details-of-users-now-plugged-4411901.html

"id": "PEP155913423",
"linkid": "pepperfry",
"type": "Data Leak",
"date": "09/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
Published by
Roshni Ray
Roshni Ray
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.