How Do You Handle the Discovery of a Web Site Disclosing Private Data?
An anonymous reader writes I recently discovered that a partner web site of a financial institution I do business with makes it trivially easy to view documents that do not belong to me. As in, change the document ID in a URL and view someone else's financial documents. This requires no authentication, only a document URL. (Think along the lines of an online rebate center where you upload documents including credit card statements.) I immediately called customer service and spoke with a perplexed agent who unsurprisingly didn't know what to do with my call. I asked to speak with a supervisor who took good notes and promised a follow-up internally. I asked for a return call but have not yet heard back. In the meantime, I still have private financial information I consider to be publicly available. I'm trying to be responsible and patient in my handling of this, but I am second guessing how to move forward if not quickly resolved. So, Slashdot, how would you handle this situation?
Those people will definitely take your info and get it acted upon.
... That way we can help, too.
Also, and this is a bit off topic, but what high school did you go to and what's your mother's maiden name?
You've hacked a bank and now you're a terrorist. Expect a visit from the FBI and a taxpayer funded trip to Cuba.
"The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
I agree. A friendly game of baseball is the perfect opportunity to discuss security issues with them.
Get free satoshi (Bitcoin) and Dogecoins