Darren Pauli reports:
Hacker Joseph Redfern has reported a privacy flaw at UK telco Three, which exposed names and email addresses in online surveys.
The telco shuttered the offending survey site and the exposed API which returned the private information in JSON forms when a user entered data.
Redfern says the flaw meant any phone number could be keyed into the clear text requests. Doing so would produce the real name and email address of the owner.
“The site was making an AJAX request to an API … over cleartext HTTP passing my mobile phone number in the URL,” Redfern says.
Read more on The Register.