Shipped from expensive shop X? In the shed, you say? Researcher spots badness
Parcel wrangler Yodel has corked up a security hole in which random user data leaked to people using its Android app.
The glitch was spotted by security researcher Ax Sharma. He contacted us having failed to get any action out of Yodel when he informed the company via Twitter and web chat.
The problem is not well timed, with online shopping and related white van activity hitting its seasonal peak in the run-up to Christmas.
Sharma told us he had noticed that every time he refreshed the application, he was shown a different – apparently random – set of packages that were not destined for his address.
The glitch showed users fairly sensitive information beyond package location, including the sending retailer, the package's destination and – crucially – any special instruct ..
Support the originator by clicking the read the rest link below.
