Witchery pulls mobile site after customer details exposed
Sarah Michael reports:
Witchery has shut down its mobile website after it was hit with a security breach that exposed customers’ personal details and orders.
A glitch in the “track my order” function for online shopping opens personal details pages of other customers, and even allows them to edit the information.
It also allows them to see details of all other orders being processed on the retailer’s website.
Read more and see the screen grabs on news.com.au. How did this flaw get past them? Did no one really test the mobile site?