An anonymous reader shares a CNET report: If you buy a product from Samsung’s online store, your name, address, order information and other data may be accessible to anyone who cares to look. Matt Metzger, a self-described “application security engineer” who said he has worked in shipping-industry compliance, wrote Wednesday on Medium about an accidental discovery. Metzger said he ordered a TV from the Samsung online store and was sent a URL to track his delivery. When he followed the URL, he discovered that his tracking number was the same one used for someone else’s previous delivery and that he could see sensitive information, such as the person’s name and items ordered, without any security measures getting in the way. Metzger also discovered that more information was attached in a TIFF file to his own order after the delivery was completed. The file included his full name, address and signature.Samsung told CNET it is aware of the issue and is looking into it.
Read more of this story at Slashdot.