Post B16rinbpcPr0PZIv4a by zackwhittaker@mastodon.social
 (DIR) Post #B16rinbpcPr0PZIv4a by zackwhittaker@mastodon.social
       2025-12-10T13:44:43Z
       
       0 likes, 1 repeats
       
       NEW: Petco has taken down parts of its Vetco website after we discovered a massive data leak exposing customers' personally identifiable information (and their pets!) to the open web. After flagging the leak, Petco still took four days to respond. We estimate millions of customers may be affected. More: https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/
       
 (DIR) Post #B16ritcPHBsZ35cSno by zackwhittaker@mastodon.social
       2025-12-10T13:49:54Z
       
       0 likes, 0 repeats
       
       We found the bug in how Vetco generates PDF documents for its customers. Its PDF page was public and was indexed by Google, which is how we found it. Worse, an IDOR bug in the URL meant it was possible for anyone to obtain customer data by changing the customer's unique ID by a single digit. 🤦 https://techcrunch.com/2025/12/10/petco-takes-down-vetco-website-after-exposing-customers-personal-information/