Showing all posts tagged with "OWASP 2017 A5". You can also see all tags.
The web page for shipment information contained personal data - and it was possible to iterate through the data.
Personal info like Social Security numbers and personal documents were available. While I mostly hail the City of Bergen's handling of this issue, here are also the details they didn't tell you.
It was possible to control Internet connected Mill heaters worldwide.
Thomas Cook Airlines was leaking passenger information about future og past flights. Information about tens of thousands - or maybe hundreds of thousands - of travels could be systematically downloaded.
The tool for the owner to track its pet became a tool for tracking all the pet owners themselves. The hunters became the hunted.
It was possible to do systematic account takeover for one of Norway's biggest parking companies.
Information about as many as maybe 1.5 million past, current and future hotel stays were openly accessible on the Internet.
Information about thousands - theoretically maybe hundreds of thousands - of customers could be stolen.