Friday, February 11, 2011

Labour Forum Leaks Email Addresses

Basic design flaws on a Labour party members forum exposed the email
addresses of users to harvesting.

Surfers who register through the site http://members.labour.org.uk were
invited to confirm their membership, and activate their account, by
clicking on the link in an email sent to a specified account.

The link in the email follows the form
http://members.labour.org.uk/man-auth/ActivationSent/10000XXXXX

A Reg reader who registered through the site realised that the number at
the end of this URL is probably sequential, a unique id which refers to
the account just registered. Sure enough, just changing the ID in the
URL to a lower number led to the presentation of an email address of
another registrant ...
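
The pattern described above, next to a hardened alternative, as an added example (not code from the site or the original article). The handler names, in-memory stores, ids and addresses are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Constructed sample data: sequential account ids, as the article describes.
ACCOUNTS = {
    1000000001: "alice@example.org",
    1000000002: "bob@example.org",
}

def activation_sent_weak(account_id):
    """Flawed pattern: the id in the URL is the only lookup key, and the
    page echoes the stored address back to whoever requests it."""
    email = ACCOUNTS.get(account_id)
    return None if email is None else f"Activation email sent to {email}"

# Hardened variant: the URL carries a random, single-use token instead of
# the account id, and the confirmation page never reflects the address.
_PENDING = {}  # sha256(token) -> account id (hypothetical store)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_activation_token(account_id):
    """Create a 256-bit random token; only its hash is kept server-side."""
    token = secrets.token_urlsafe(32)
    _PENDING[_digest(token)] = account_id
    return token

def activation_sent_hardened(token):
    """Confirmation page: generic text only, and only for a known token."""
    if _digest(token) not in _PENDING:
        return None
    return "Activation email sent. Check your inbox."

def activate(token):
    """Consume the token; a second use, or a guessed value, returns None."""
    return _PENDING.pop(_digest(token), None)
```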
