"Home Data Spills Bring Trouble to Your Door, Experts Warn"
Cybernews research finds that major companies are leaking their customers' home addresses and other personal information. The Cybernews research team recently found a configuration error that impacted the Spanish-owned Cosentino Group, which operates in more than 80 countries and has facilities in Spain, Brazil, the US, and more. The company specializes in developing and distributing high-end surfaces for residential and commercial settings, including kitchen and bathroom countertops, flooring, cladding, and outdoor surfaces. A misconfiguration on the Cosentino website enabled threat actors to gain access to customers' home addresses in addition to their full names, email addresses, and phone numbers. Customers who have worktops installed in their homes are required to register online in order to get a warranty from the manufacturer. Researchers were able to download a PDF copy of the document when registering for the warranty. When examining the HTTP request associated with the download link, they found a PDF ID that can easily be manipulated. Incrementing the number at the end of the URL switches between different warranty documents, meaning that anyone can access the PDFs of other customers and see their personal information. This flaw is called an Insecure Direct Object Reference (IDOR) vulnerability, and it could allow unauthorized access to sensitive information. This article continues to discuss the Cosentino Group data leak and why exposing home addresses is dangerous.
Cybernews reports "Home Data Spills Bring Trouble to Your Door, Experts Warn"
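The IDOR pattern described above comes down to a download handler that trusts the ID in the URL. The following is an added example, not code from Cosentino or Cybernews: it places a handler with that flaw beside one that enforces object-level authorization. The record layout, user names, and function names are all hypothetical.

```python
import secrets

# Constructed sample data: warranty PDFs keyed by a sequential integer ID.
WARRANTIES = {
    1001: {"owner": "alice", "pdf": b"%PDF alice warranty"},
    1002: {"owner": "bob", "pdf": b"%PDF bob warranty"},
}

def download_vulnerable(session_user, pdf_id):
    """IDOR: the ID taken from the URL alone decides which document is returned."""
    record = WARRANTIES.get(pdf_id)
    return (200, record["pdf"]) if record else (404, b"")

def download_checked(session_user, pdf_id):
    """Object-level authorization: the record must belong to the session user."""
    record = WARRANTIES.get(pdf_id)
    # Same 404 for "missing" and "not yours", so responses do not confirm valid IDs.
    if record is None or session_user is None or record["owner"] != session_user:
        return (404, b"")
    return (200, record["pdf"])

class TokenIndex:
    """Defense in depth: expose random tokens in URLs instead of sequential IDs."""

    def __init__(self):
        self._by_token = {}

    def issue(self, pdf_id):
        token = secrets.token_urlsafe(32)  # unguessable, carries no ordering
        self._by_token[token] = pdf_id
        return token

    def download(self, session_user, token):
        pdf_id = self._by_token.get(token)
        if pdf_id is None:
            return (404, b"")
        # A random token is not authorization; the ownership check still applies.
        return download_checked(session_user, pdf_id)

if __name__ == "__main__":
    print(download_vulnerable("alice", 1002))  # returns bob's document
    print(download_checked("alice", 1002))     # refused
```

Random identifiers only make enumeration impractical; the ownership check is what closes the flaw, which is why `TokenIndex.download` still calls `download_checked`.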