Fashion retailer Express left customers’ personal data and order details exposed to the internet
Fashion retailer Express has swiftly addressed a significant security vulnerability on its website, which inadvertently revealed customers' personal and order information to the public. This flaw was brought to light by TechCrunch, revealing that multiple customer orders were accessible through online search results. The exposed data included sensitive details such as customer names, phone numbers, email addresses, billing and delivery addresses, as well as partial payment card information. The issue stemmed from order confirmation pages that were publicly accessible, allowing unauthorized individuals to view not just their own orders but also those of others by simply altering the web address. Rey Bango, a security advocate, stumbled upon the flaw while investigating a suspicious purchase linked to a family member's account. He discovered that by searching for an order number on Google, he could access another customer's order details. Bango reached out to TechCrunch to inform Express of the vulnerability in hopes of a swift resolution. Express, which operates extensively in the U.S., Mexico, and Latin America, is now under the ownership of WHP Global. Following the company's acknowledgment of the issue, they implemented a fix but have not disclosed whether they will be informing affected customers about the breach. Joe Berean, Express’ head of marketing, stated, "We take the security and privacy of customer information seriously and encourage anyone who identifies a potential security concern to contact us directly." However, he did not provide details on how customers could report such issues or if there are plans for a formal vulnerability disclosure program. This incident adds to a growing list of recent security oversights, where customer data has been left exposed due to misconfigurations. Notably, similar incidents have occurred with other major retailers, underscoring the ongoing challenges in maintaining robust cybersecurity measures.
Samsung Galaxy A57: A Stylish Mid-Range Phone with a Pricey Dilemma
Samsung's A series has long been a staple in the mid-range smartphone market, but with the recent launch of the Galaxy A...
Business Today | May 30, 2026, 05:35
Texas Measles Outbreak: A Stark Reminder of Vaccination's Importance
A recent analysis has shed light on the severity of the measles outbreak that erupted in West Texas last year, challengi...
Ars Technica | May 29, 2026, 18:45
Dell's Stellar Performance Sparks Anticipation for AI Stocks Next Week
In a recent analysis, CNBC's Jim Cramer highlighted the implications of Dell Technologies' impressive quarterly earnings...
CNBC | May 29, 2026, 22:25
Europe's AI Ambitions Ignite at Mistral's Groundbreaking Summit in Paris
In a vibrant display of ambition, Mistral AI's inaugural summit transformed Paris's Le Carrousel du Louvre into a hub of...
Business Insider | May 30, 2026, 10:45The AI Coding Dilemma: Developers Depend on Technology, but at What Cost?
In a startling trend observed in 2026, developers have become increasingly reliant on artificial intelligence (AI) codin...
TechCrunch | May 29, 2026, 22:20