Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Ganofins79414d@Lensflare could be a 3rd party app issue. They use several analytics and marketing apps
-
PappyHans55314dPossible sources of data leaks into 3rd party:
- email providers used to send order confirmation emails
- CRM tools
- Less likely but payment providers and access to such
- Compromised account credentials
- Leaking customer and order data into Analytics tools
- Malware on employee machines
I would start from compromised credentials first and look at unusual account activity to rule out the worst case scenario -
retoor1207713dInside job indeed, 3rd party - consider to host an own open source solution for things like analytics and stuff, own email send system... And if it then still leaks - it has to be someone from inside. But it's not that someone can see an invoice by putting the number in some url somewhere? Check what urls are frequently called. Suspicious user accounts on server? Check ps aux for stuff you don't know
-
Demolishun3492313dScammers are such pieces of shits. Strategic nukes are a possible solution. I don't know enough to help. I hope you fucking nail the bastards.
-
jestdotty531313dprobably some plugin
I'd omit some customers from some plugins, then narrow it down based on which get compromised. then you can sue them! -
Ganofins79411d@retoor they have a large customer base so I don't think it would be possible for them to switch to own hosting thing. Beside most of their team is sale, customer success related. Only 1-2 people take care of engineering stuff
It will be tricky thing for them. Right now we will be suggesting them to harden their user login, removing unused/suspicious 3rd party apps, things like that
Let's see -
Ganofins79411d@PappyHans yeah we also focused on compromised users thing and suggested them to harden their users login passwords, implementing 2FA, etc things
Related Rants
Today at work an interesting project came in, so we need to do vapt on a Shopify store and they want us to figure out how their customers are getting fraud calls
Basically whenever their customer places an order, after that the customer gets fraud calls on their mobile phone saying they know all the details of their orders, address, etc things
Where do you think the customer details are being leaked at??
question
penetration
vapt
cybersecurity
security