Fashion rental company HURR Collective exposed user information through misconfigured plugin

James Walker reports:

HURR Collective, a UK-based fashion rental company, has notified around 400 users of a data security incident that resulted in their email addresses being exposed, The Daily Swig has learned.

A misconfigured plugin on the HURR website meant that users’ email addresses could be obtained simply by clicking ‘View Source’ on certain web pages.

Read more on The Daily Swig.  This is another example of how a researcher responsibly disclosed to a business who had the wherewithal to read and respond to the alert.  Well done, folks.

About the author: Dissent

Comments are closed.