Stories
Slash Boxes
Comments

SoylentNews is people

Top VPN Software Had a Major Security Flaw

posted by Fnord666 on Wednesday March 11 2020, @05:28AM   Printer-friendly
from the not-the-flaw-you're-looking-for dept.

Top VPN Software Had a Major Security Flaw

upstart writes in with an IRC submission for SoyCow4275:

Top VPN software had a major security flaw:

One of the most popular VPN services available today may have exposed customer payment information due to a significant security flaw.

Security researchers uncovered a vulnerability in the payment platform used by NordVPN, which has millions of users around the world.

The flaw could have allowed hackers access to user account information, including email addresses and shopping history, according to the team at security firm HackerOne.

UPDATE: NordVPN has told TechRadar Pro that the vulnerability was isolated to three small payment providers and possible to exploit only within a limited timeframe.

"We have confirmed with our tech team that the issue was disclosed on H1 only after evaluating that no data had been exploited," a NordVPN spokesperson told us.

Also at:

NordVPN HTTP POST bug exposed customer information, no authentication required:

Original Submission #1Original Submission #2

 
This discussion has been archived. No new comments can be posted.
Top VPN Software Had a Major Security Flaw | Log In/Create an Account | Top | 13 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Insightful) by Anonymous Coward on Wednesday March 11 2020, @04:37PM

    by Anonymous Coward on Wednesday March 11 2020, @04:37PM (#969688)

    Think about it. They claim to need this data for security. What security? Credit card fraud is covered by the banks and card systems. No, they are chosing to forgoe a sale if they can't collect the end user's personal data.

    Um no, credit card fraud is not covered by the banks and card systems. When a fraudulent charge is reversed the money is simply refunded directly from the merchant's account back to the cardholder's.

    Generally the merchants accepting credit cards are SOL in case of fraud and have to eat the loss. The banks never lose.

    Not saying they aren't also trying to collect your personal information but credit card fraud can be really bad for businesses that accept credit cards, and many of these verification tools really are about reducing overall risk to the business. Like any policy that involves vetting customers, this will have a cost in the form of losing some legitimate sales. They presumably lost out on selling to you, so hopefully for the business the actual reduction in credit card fraud was worth it.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Total Score:   1