Strawberrynet Beauty site lets anyone read customers’ personal information

Popular online cosmetics site Strawberrynet has asked customers if a function that allows anyone to retrieve its customers names, billing addresses, and phone numbers with nothing more than an email address is a bug or a feature
The feature means customers are able to checkout quickly by just putting their email address into a text entry box. Doing so returns personal information in cleartext, if the email address entered is already in Strawberrynet’s records.
The mail explains the company’s stance as follows:

Please be advised that in surveys we have completed, a huge majority of customers like our system with no password. Using your email address as your password is sufficient security, and in addition we never keep your payment details on our website or in our computers.

Source: Beauty site lets anyone read customers’ personal information

For anyone wondering, this is incredibly stupid behaviour.

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Leave a Reply