Fashion rental company HURR Collective exposed user information through misconfigured plugin

guest · Dec 18, 2019

Fashion rental company HURR Collective exposed user information through misconfigured plugin
Email addresses were leaked in website’s source code
December 18, 2019
https://portswigger.net/daily-swig/...user-information-through-misconfigured-plugin

HURR Collective, a UK-based fashion rental company, has notified around 400 users of a data security incident that resulted in their email addresses being exposed, The Daily Swig has learned.

A misconfigured plugin on the HURR website meant that users’ email addresses could be obtained simply by clicking ‘View Source’ on certain web pages.

We can confirm that the email addresses of around 400 users were exposed in our website’s source code as a result of a misconfigured third-party plugin,” HURR co-founder and CEO Victoria Prew told The Daily Swig.
The London-based company was alerted to the email exposure incident by an independent security researcher who wished to remain anonymous.
“We have implemented additional security measures to better protect our website code and implemented all additional recommendations provided to us by technical experts.”
Click to expand...

Log in or Sign up

Fashion rental company HURR Collective exposed user information through misconfigured plugin

guest Guest

Log in or Sign up

Fashion rental company HURR Collective exposed user information through misconfigured plugin

guest Guest

Useful Searches