UK: Flaw in property inventory website exposed thousands of users’ home contents
James Walker reports on an incident, which while unfortunate, provides us with an example of prompt incident response and thanking the researcher instead of shooting the messenger:
A vulnerability in the website of Inventory Hive, a property inventory service, was leaking members’ personal information, including their name and address, along with internal and external property images.
According to the security researcher who discovered the issue, the vulnerability offered would-be burglars not only a blueprint to “hundreds of thousands” of users’ homes, but also a readymade ‘shopping list’ of items the properties contained.
“A malicious user/thief had all the information needed to enter the [property],” researcher Marco Menozzi told The Daily Swig.
Read more on The Daily Swig