Pepperfry

On the website of online furniture retailer Pepperfry, a serious security weakness was discovered that might have allowed individuals to sign in to the accounts of other registered customers.

In an exclusive interview with Moneycontrol, the organisation explained that the problem may allow a user to log into the account of another user or even create a brand-new account for any user that doesn't already exist.

The 'Internal Authentication' Application Program Interface (API) on the website, which allowed users to auto-login, contained a bug.

The same API displayed user personal data such as name, address, contact information, etc.

Source: https://www.moneycontrol.com/news/trends/exclusive-security-breach-on-pepperfry-exposes-details-of-users-now-plugged-4411901.html

"id": "PEP155913423",
"linkid": "pepperfry",
"type": "Data Leak",
"date": "09/2019",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"