'My wife tried to order some clothes tonight. When she logged in, she was in someone else's account ... Now someone's charged her card'
2020-08-27 06:05

A Reg reader last night spoke of the horrifying moment he realized an online store used by his wife was mixing up some of its online customers, allowing people to gain access to some strangers' personal information and order carts.

"My wife has an account with Fabletics," our reader, who asked to remain anonymous, told us.

"She tried to order some items tonight, but it turned out when she logged in, she was in someone else's account. At the moment some stranger is in her account as they keep adding things to her basket, and she keeps taking them out."

"By clicking around in their site I can access random customer personal details. Name, email, telephone number, address, account details, order history, etc. I could change someone's address if I wanted and maybe get stuff delivered. My wife informed them by phone but they didn't seem to think it was that serious. Not sure they realize how much their site is messed up."

"On Wednesday, August 26, TechStyle Fashion Group identified a website bug that impacted 1,397 Fabletics customers in the EU and Canada, resulting in select customer information mistakenly becoming available to other customers over a short period," the company told The Register.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/08/27/website_leak_complaints/