Southern Water provide utility drinking water and waste management services to around 4.7 million customers in the South of England, covering as far west as Bournemouth, along the coast to Dover and Ramsgate, and up to Dartford and Haslemere.
Several years ago, they created a section on their website that allows customers to manage their account — view bills, make payments, update details, etc.
Unfortunately, a vulnerability in this management area allowed any logged-in customer to view bills and documents from other customers, as well as retrieve authentication tokens which allowed for direct API access to their internal billing…
UPDATED — 11th July 2018, 11:10 (GMT+1)
In my previous post, I detailed a stupidly easy information disclosure issue at the international betting and gaming website BetVictor, where usernames and passwords for various back-end and 3rd-party systems were exposed for all to see.
To try and understand the severity of the problem, I contacted management and the media department at BetVictor to try and get a statement. …
UPDATED — 2nd July 2018, 13:50 (GMT+1)
Every single one of you reading this has a password — hopefully more than one. You take care of your passwords, ensuring they are strong and secure. But you are just one person looking after your own life. Imagine the passwords of multi-million dollar organisations. They must be even stronger and more secure, right?
For those who are not familiar, BetVictor are a large betting and gaming website. With estimated turnover in excess of £1 billion and half a million customers in more than 160 countries around the world, they also…