UK mobile network Three accidentally revealed user data through a flaw in an online survey
Security researcher Joseph Redfern found that entering any phone number into Three's survey site would expose the name and email address of the person it belongs to - meaning you could input a stranger's number and their contact details would be revealed.
The weird part about the security flaw is that the personal data wasn't actually used on the survey site once it was loaded on the web page.
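The pattern described above, shown beside a hardened form, as an added example that is not Three's code or part of the original article. The function names, the record layout, the token scheme and the sample records are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records; not real customer data.
CUSTOMERS = {
    "07700900001": {"name": "Alice Example", "email": "alice@example.test"},
    "07700900002": {"name": "Bob Example", "email": "bob@example.test"},
}
SERVER_KEY = secrets.token_bytes(32)  # never leaves the server


def _tag(phone_number):
    """HMAC over the number, so only the server can mint valid tokens."""
    return hmac.new(SERVER_KEY, phone_number.encode(), hashlib.sha256).hexdigest()


def survey_lookup_vulnerable(phone_number):
    """Flawed pattern: any caller-supplied number returns the full record."""
    return CUSTOMERS.get(phone_number)


def issue_survey_token(phone_number):
    """Value placed in the survey link that is sent to that customer only."""
    return f"{phone_number}.{_tag(phone_number)}"


def survey_lookup_hardened(token):
    """Accept only a server-issued token and return only what the page uses."""
    phone_number, _, tag = token.partition(".")
    if not hmac.compare_digest(tag.encode(), _tag(phone_number).encode()):
        return None  # guessed or altered input discloses nothing
    if phone_number not in CUSTOMERS:
        return None
    # Data minimisation: the survey page never displayed name or email,
    # so the response does not carry them.
    return {"eligible": True}
```

The hardened lookup combines two independent fixes: the caller must present something a stranger cannot derive from a phone number, and the response omits fields the page has no use for.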
Redfern says he informed Three customer support about the vulnerability, but never heard anything else from them. The next thing Redfern knew, the site had been taken offline, and Three's survey API was removed.
We reached out to Three for comment on this story.
Below is a video that Redfern made to explain the vulnerability:
The Three vulnerability is similar to a problem that Uber ran into earlier this week. It created a petition microsite that allowed respondents to enter special characters (like # or <), and a security researcher used that vulnerability to enter computer code into the petition that forced it to display an ad for rival company Lyft.