First time poster here, cause it's the first time I had something important to say.<p>I was using a site for a project. I noticed the url structure seemed too simple. So I changed a single variable (the id variable of course) and voila! I get another person's project.<p>This is not some random site, this is a funded startup back by a well-known VC.<p>Reminder to developers and investors - think about security, especially those with sensitive information.
Why haven't we learned from past mistakes? If they had read/followed HN, they would have seen this about Quiptxt http://news.ycombinator.com/item?id=1226313<p>I have notified the company of their security flaw. Now lets see how they respond.
It could be a difficult task for them as I suspect they have a lot of new customers using their service.<p>* update - I spoke to customer service and they graciously acknowledged the issue.