Data vulnerability exploit on your support site

  1. majik
    Donut Sep 30, 2014

    majik, Sep 30, 2014:

    By keying in my IMEI incorrectly by accident when opening a support ticket, I determined that your IMEIs are sequential and that by incrementing some digits in the IMEI I can reveal the name and email address of the person who owns the phone with the IMEI I input, because their personal info is displayed on the confirmation page when the ticket is submitted, regardless of who is signed into the account at the time.

    One could easily whip up a script that would increment through all of your IMEIs and collect the names, email addresses and IMEIs of every one of your customers in short order.

    Might want to fix that.

    ultrapowerpie and gmack523 like this.
  2. gmack523
    Froyo Sep 30, 2014