Southern Water

British supplier of the liquid of life, Southern Water, botched its internal SharePoint.

They had set up SharePoint to host customer information as a “your account” style section of their website, which exposed URLs that could be tweaked to view other people’s account information.

A vulnerability in this management area allowed any logged-in customer to view bills and documents from other customers, as well as retrieve authentication tokens which allowed for direct API access to their internal billing SharePoint site.
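
The flaw described above is a missing object-level authorization check: being logged in was enough to read any customer's document. The following is an added example, not Southern Water's code; the account numbers, document ids, class names and function names are all constructed for illustration. It shows the flawed lookup beside a hardened one that ties each document to the account held in the server-side session and records denied lookups for review.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Document:
    doc_id: str
    account: str   # account number that owns this bill
    body: str

@dataclass(frozen=True)
class Session:
    user: str
    account: str   # set server-side at login, never taken from the URL

# Constructed sample data standing in for the billing document store.
DOCUMENTS = {
    "bill-1001": Document("bill-1001", "ACC-A", "Bill for account A"),
    "bill-1002": Document("bill-1002", "ACC-B", "Bill for account B"),
}

class Forbidden(Exception):
    pass

DENIED = []  # audit trail of denied lookups: (user, requested doc_id)

def get_document_unchecked(session, doc_id):
    """Flawed pattern: any logged-in session can read any document id."""
    return DOCUMENTS[doc_id]

def get_document(session, doc_id):
    """Hardened: the document must belong to the session's own account."""
    doc = DOCUMENTS.get(doc_id)
    if doc is None or doc.account != session.account:
        DENIED.append((session.user, doc_id))
        # Same answer for missing and foreign ids, so ids cannot be probed.
        raise Forbidden("not found")
    return doc

def users_to_review(denied, threshold=2):
    """Users with at least `threshold` denied lookups."""
    counts = {}
    for user, _ in denied:
        counts[user] = counts.get(user, 0) + 1
    return sorted(u for u, n in counts.items() if n >= threshold)
```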

Compromised data included customers’ full name, address, customer account number, payment reference number, bill and payment dates, account balance, payment amount, bill amount, meter details, and meter readings.

Source: https://www.theregister.com/2020/08/28/southern_water_sharepoint_shenanigans/

"id": "SOU232226123",
"linkid": "southern-water",
"type": "Vulnerability",
"date": "08/2020",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"