UK: Southern Water customers could view others’ personal data by tweaking URL parameters

Gareth Corfield reports:

Southern Water – British supplier of the liquid of life – botched its internal Sharepoint implementation so badly that a customer was able to view other people’s account details.

Reg reader Chris H discovered that the way Southern Water had set up Sharepoint to host customer information as a “your account” style section of their website exposed URLs that could be tweaked to view other people’s account information.

Read more on The Register.

About the author: Dissent

Comments are closed.