An online shop advertised with “more than six million satisfied customers”.
But then Stiftung Warentest discovered serious security gaps.
Stiftung Warentest discovered serious security gaps at an online retailer.
Not only the online shop voelkner.de, but also two other mail order companies were affected.
Names, addresses and the means of payment used were not adequately protected.
Munich - In times of the Corona lockdown, online shopping is probably a blessing for many people.
Products can be conveniently delivered to your home with just a few clicks.
However, the shopping experience becomes problematic when there are difficulties with data protection.
There was such a problem recently with the online shop v
oelkner.de
.
According to Stiftung Warentest, the provider, who mainly sells products from the electronics, technology and tool sectors, accidentally gave addresses and orders from users due to a data leak.
Data leak at online retailer: orders from numerous customers can be viewed over longer periods of time
Until recently, orders from numerous customers could therefore be viewed on the website of the online retailer, which claims to have “more than six million satisfied customers”.
Names, addresses and means of payment used included.
As the Stiftung Warentest announced, the retailer finally fixed the vulnerability on January 29, 2021 after it had been made aware of the problem by the consumer organization.
The electronics
shop
digitalo.de
and the toy
mail order company smdv.de
were also
affected
.
Like
voelkner.de,
they belong
to the Nuremberg-based company Re-In Retail International GmbH.
The visible data included orders over long periods of time.
“We were able to go back to December 1, 2020 to look at orders that were long past.
At
smvd.de
we even found detailed order overviews going back to 2008. We therefore assume that the data of thousands of customers were affected, ”denounces Stiftung Warentest in a report.
Just recently, Mediamarkt also had a huge breakdown that left customers foaming.
However, data protection was not the problem here.
Stiftung Warentest reveals: security gap at large online retailer - "It was child's play"
Users would have had no way to protect their data.
It is not possible to hijack customer accounts, to place orders on behalf of strangers or to view detailed payment data of users.
Nevertheless, deliveries could have been intercepted or customers could have been spied on.
Consumers will probably also think that according to the consumer organization it was a "very primitive security hole".
"Accessing the data did not require any hacking skills, it was very easy," was the shocking conclusion.
After the report from Stiftung Warentest, the company reacted quickly.
The security gap was closed promptly and, according to the managing director, no longer existed from January 29, 2021 from 4:54 p.m.
(
nema
)
Further news for consumers: Spaghetti in the eco-test
A recent comparison by Öko-Test did not produce a good result: 20 different brands of spaghetti were examined.
In some cases, toxic ingredients were detected.