Tell HN: Royal Mail Data Leak
Royal Mail (the UK's postal service) has a product called click and drop that allows businesses to pay for and print shipping labels online. It has some value-add features like order-syncing to make buying labels easier. Today when loading pages on click and drop it will show you details from some random account each page load. We saw details of other businesses orders and customer addresses before we logged out and called them about it. We asked another business if they noticed the same and they confirmed that they had.
35 comments
[ 3.9 ms ] story [ 87.0 ms ] threadEDIT: https://clickanddrop.statuspage.io/incidents/8cd3bf2qyz5h
A data breach just means that data is accessed by unauthorized parties. Accidental data breaches are not only possible, but common. If a company accidentally emails a group of customers with CC instead of BCC that's technically a data breach, although in most circumstances a low-impact one.
This however is worse, as the property they were negligent with wasn't their own property. It's the bank taking your safe deposit contents and leaving it at the bus stop.
It was crazy. I don't think I've ever told anyone (how would it come up?) but this reminded me of it.
Happens even to the best companies.
Experience is the best teacher I guess, although we all seem to be doomed to make the same mistakes.
Er...no. This is an inexcusable screwup.
Unfortunately, most devs don't think there is ever a need to check that until it fails.
Something like: user_profile_bio.[user_id]
If that returns the wrong bio from Redis, then something is broken in Redis, no? Or are you suggesting that I create some sort of format that duplicates the user id in the data itself?
Undoubtedly you are sure this won't ever go wrong, but all it takes is someone else to cache something at user_profile_bio.[customer_id] and you've got a problem (at best it won't work, at worst you'll get the wrong user profile).
Imagine instead of a user profile at Royal Mail this was patient data in a hospital. Getting this information wrong could endanger someone's life.
And mistakes with private data that isn't safety critical can still cost a hefty fine from a government data protection office, or bad publicity and damage to your reputation.
If you're doing:
How is it all that different with Redis? Someone can mistakenly send in a :customer_id when writing records, but I don't really know anyone out there that also stores user_id into every table they query user_id from.The thing is that a function like
makes it a lot harder to fuck up, doesn't matter if you swap some ids somewhere (i.e. fetch_profile actually uses the customer id, not the user_id), or if the cache fucks up, or if you accidentally wrote 'SELECT * FROM user_profile WHERE user_id = user_id'.The account was new and I never used Amazon before.
I did received the book thou.
Every time I get a parcel through them I get a phishing sms about the parcel.