Netflorist exposing entire customer database to threat actors

[Luis]

Netflorist exposing entire customer database to threat actors

South African e-commerce platform Netflorist has a critical security vulnerability exposing the private information of its entire customer base to the Internet.

MyBroadband contacted Netflorist with the information and was told by managing director Ryan Bacher that there was no vulnerability in its system.

 

[Sarg3_ZN]

Harold done messed up.

 

[ISP cash cow]

Netflorist is full of **** with their spam crap

 

[WollieVerstege]

I knew there was a downside sending my wife flowers.

 

[Dolby]

and was told by managing director Ryan Bacher that there was no vulnerability in its system.

He could at least have said 'thanks, we'll look into it' ...

 

[ShaunMorgan]

I knew there was a downside sending my wife flowers.

she may now be able to see who else you sent flowers to...

 

[Cray]

He could at least have said 'thanks, we'll look into it' ...

They already knew about it apparently....

He said the security team took a look but found no potential for exploiting the endpoints because they are “restricted” and do not offer outside access.

This was despite being presented with the links showing that the endpoints were not secured, and anyone could access private customer information from them.

Sounds like his security team needs some more training.

 

[rustypup]

contacted his security team

The security team is Frank. Someone's unemployable nephew. Spends his days mining coin and pwning newbs.

 

[dontcryforme]

Even if Netflorist gets slapped with a max R10m fine - they just need to sell a couple of gift baskets to cover it.

They also have shiţţy drivers.

 

[Heisenborg]

This Ryan Bacher sounds like a proper moron. Well if the so called article is to be believed

 

[Bad Ballie]

On the upside a flat-out denial makes them culpable if anyone suffers a financial loss due to the information breach. If makes the court case so much easier.

 

[Insint]

Netflorist lost me as a customer many years ago.
My wife bought a biltong cutter from them for me.

The thing was so tiny that it could only be take pieces that was already small enough to eat.
I wanted to return it for a refund, but they refused.

They lost way more money from not doing that refund.

 

[xrapidx]

Netflorist has always been ****. I've been trying to get them to remove my details since 2012. Continuous spam and assurances they will remove my details - but don't.

Logged a complaint with the information regulator with all the attachments requesting netflorist to remove my details, and them confirming it was done - the information regulator took two years to respond that I need to send a specific form to netflorist - and because I didn't do that, no action will be taken.

Funny enough, same experience with Pam Golding, repeated requests ignored - then after years they notified me my information was leaked - their response was that they can't remove my details because then they won't know that they can't spam me (which they do anyway) - which was an accepted reason for keeping my information, which they leaked.

SA's information regulation controls are a joke.

 

[gregmcc]

Security team need to be fired, and Ryan Bacher for believing them.

 

[lkswan747]

What a nice response! Sounds like an arrogant a$$ wipe.

 

[xrapidx]

What a nice response! Sounds like an arrogant a$$ wipe.

Pretty much the response you'd expect from management with no clue.

 

[ShaunMorgan]

What a nice response! Sounds like an arrogant a$$ wipe.

We should send him flowers from bloomable.co.za

 

[xrapidx]

We should send him flowers from bloomable.co.za

Are they any good? Need an online florist because lazy and have wife.

 

[Brainrot]

Shame....

 

[Tech Guy SA]

This is why i dont trust api's


you can request your data to be removed (its your right) forgot the term since its been a while when a few asked on my end but removing their digital footprint.