UK: Southern Water customers could view others’ personal data by tweaking URL parameters
Gareth Corfield reports:
Southern Water – British supplier of the liquid of life – botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details.
Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a “your account” style section of their website exposed URLs that could be tweaked to view other people’s account information.
Read more on The Register.