Topic: IDOR vulnerability
- Petco's Vetco Website Breach Exposes Customer Data
A major security lapse on Petco's Vetco Clinics website exposed extensive personal customer and pet data, including medical histories and owner signatures, due to an unprotected PDF-generating page. The vulnerability was an insecure direct object reference (IDOR) flaw, allowing unauthorized acces...
- India's Income Tax Portal Security Flaw Exposed Taxpayer Data
A security flaw on India's official income tax e-Filing portal allowed logged-in users to access other taxpayers' confidential data, including bank details and government ID numbers, by manipulating web requests. The vulnerability, identified as an insecure direct object reference (IDOR), was rep...
- 64M McDonald's Job Chatbot Logs Exposed by '123456' Password
McDonald's job application chatbot, McHire, exposed sensitive data from over 64 million interactions due to weak credentials ("123456" login) and an insecure direct object reference (IDOR) flaw. The chatbot, Olivia, collected extensive personal details (names, addresses, test results) for 90% of ...