Jump to content

Logo

Today's Active Posts

Photo
- - - - -

Password change sends other user information


4 replies to this topic

#1 Glenn Fincher

Glenn Fincher

    Newbie

  • Members
  • Pip
  • 3 posts

Posted 09 February 2016 - 01:45 PM

I had to change my logon password & in the email that I received, it had another user's "Username" & "Email address". Using the embedded information does seem to have changed ONLY my password, but this represents a data leakage. How did my name/credentials result in a different users info being sent?

 

I have the email & a screenshot that I will share w/a site admin.

 

 - Gfincher


  • Learysinsight likes this

#2 Cole Turner

Cole Turner

    Advanced Member

  • Administrators
  • 49 posts

Posted 09 February 2016 - 01:49 PM

Glenn, thank you for bringing this to our attention.

 

The email you received contains my email address - it's hard coded by accident.

 

It will be taken care of shortly.

 

Edit: I want to clarify that there is no data leak. We recently redesigned that email template and I forgot to swap out my email address for the proper variables.


  • Bernard Capulong, Eli Benson and Glenn Fincher like this

Engineer @ EDC | My Profile


#3 Learysinsight

Learysinsight

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 22 October 2016 - 06:32 PM

Glenn, thank you for bringing this to our attention.

 

The email you received contains my email address - it's hard coded by accident.

 

It will be taken care of shortly.

 

Edit: I want to clarify that there is no data leak. We recently redesigned that email template and I forgot to swap out my email address for the proper variables.

I'm sorry but that is a data leak.  If Glen received someone else's data that isn't his, it's by definition a data leak.  



#4 Learysinsight

Learysinsight

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 22 October 2016 - 06:35 PM

Anyways glad your on it.  I have to add that I have never had so much difficulty with an email and password change in my life.



#5 Cole Turner

Cole Turner

    Advanced Member

  • Administrators
  • 49 posts

Posted 23 October 2016 - 12:38 AM

I'm sorry but that is a data leak.  If Glen received someone else's data that isn't his, it's by definition a data leak.  

 

There is not nor was there ever any "data leaks." 

 

What happened (seven months ago) was that we redesigned our lost password email and I forgot to swap out my own information when it was done. Imagine if I designed an Mad-Lib but left a couple of my answers in the template. I don't mind however since all community members have a direct line to my email via Technical Support on our contact page:

 

http://everydaycarry.com/help

 

If you have any further questions please feel free to contact me personally. This topic is now locked.


Engineer @ EDC | My Profile





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users