The failure was detected by the reader of Zaufanatrzeciastrona.pl, who informed the website about the e-mail error. The mishap was that any user of the service could download mail, contacts and data of other users.
How it’s possible? All because of the option to download a copy of your data. Each user had the option to send the request. In response, he received a list of the contents of the directory containing other users’ files. Documents of other users were therefore at hand all the time. Had it not been for the vigilant reader, this mishap might have gone undetected for a long time.
“Our reader discovered one of the most popular security flaws, namely the possibility of gaining unauthorized access to the catalog with customer data. Gaining access required the use of a trick with additional encoding of special characters, but it should not happen in a serious company in relation to customer data, ”said Adam Haertle, chief editor of Zaufanatrzeciastrona.pl.
Agnieszka Skrzypek-Makowska from the Ringier Axel Springer Polska communication office emphasized that they received the information about the error on June 30 and it was treated with the highest priority. On the same day, the failure was to be repaired.
“Errors happen to everyone, but the possibility of downloading someone else’s mailbox in 2021 does not sound like a recommendation to continue using the services of this provider” – emphasizes Haertle
Also read:
Axel Springer will focus on the Polish marketAlso read:
When the media goes to war, they meet it
– .
