
Popular Cosmetics Site Strawberrynet Operates an Insecure Policy

The popular online cosmetics shop Strawberrynet has come under severe criticism from security experts, who have publicly posted information about potential problems in the way the site handles personal information. According to the security expert Troy Hunt, the site operates an insecure policy that exposes private customer data to malicious users.

Security experts alarm Strawberrynet’s customers

Serious privacy concerns have been raised by the security researcher Troy Hunt, who reported a flaw in the site's security policy. Apparently, if a user uses the quick checkout functionality, their personal data is stored in a way that allows anyone to access it. Malicious users only need to type in the email addresses of the target victims and their information is displayed. This includes the delivery address, names, telephone number and other essential data needed to make the purchase.

This type of privacy issue can lead to automated attacks from botnets or other methods of harvesting customer data.
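The lookup described above, sketched as an added example (not Strawberrynet's code, which the article does not show): the email-only lookup beside a version that requires the account password, answers identically for unknown addresses and wrong passwords, and throttles repeated failures. The record layout, function names and failure threshold are assumptions.

```python
import hashlib
import hmac
import os
from collections import Counter

_SALT = os.urandom(16)    # one shared salt for brevity; use a per-user salt in practice
MAX_FAILURES = 5          # assumed threshold
_failures = Counter()     # failed lookups per client (for example per source IP)


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


# Constructed sample record; field names are assumptions, not the site's schema.
CUSTOMERS = {
    "alice@example.com": {
        "name": "Alice Example",
        "address": "1 Sample Street",
        "phone": "555-0100",
        "pw_hash": _hash("correct horse"),
    },
}
PII_FIELDS = ("name", "address", "phone")
_DUMMY_HASH = _hash("placeholder for unknown accounts")


def quick_checkout_insecure(email):
    """Pattern described in the article: the email address alone returns the record."""
    record = CUSTOMERS.get(email.lower())
    return {f: record[f] for f in PII_FIELDS} if record else None


def quick_checkout_hardened(email, password, client_id):
    """Return saved details only to a caller who knows the account password."""
    if _failures[client_id] >= MAX_FAILURES:
        return None  # throttled: slows automated harvesting of many addresses
    record = CUSTOMERS.get(email.lower())
    # Compare against a dummy hash for unknown emails so both cases do the same work.
    expected = record["pw_hash"] if record else _DUMMY_HASH
    ok = hmac.compare_digest(_hash(password), expected) and record is not None
    if not ok:
        _failures[client_id] += 1
        return None  # identical answer for "unknown email" and "wrong password"
    return {f: record[f] for f in PII_FIELDS}
```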

The company has responded that its site uses SSL and complies with industry standards for processing payments. This means that there is no way that hackers can obtain customers' credit card numbers. However, the publicly exposed personal information can be used by malicious users in social engineering or other types of attacks against the individuals themselves.

In response to rising concerns, Strawberrynet has informed their clients that anyone can request their personal data to be hidden from view by emailing the customer support staff.

This issue was identified in early August 2006; however, it has now surfaced to public attention once again. It is another example showing that features offering easier access and operation should not always be used when they compromise security. Customer responses have skyrocketed, as a lot of users have requested that their private details be hidden from the public.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

  • StrawberryNET

    Thank you for your communication, we do listen to all views, over the sixteen years we have been operating it is only occasionally anyone has taken this position, most accept the convenience of quick access.

    We do however understand your view, and as we have an account management system that is protected by password, we will make it clearer on our site upon registration that this option is available.

    Thank you again for your communication.