Royal Mail (the UK's postal service) has a product called click and drop that allows businesses to pay for and print shipping labels online. It has some value-add features like order-syncing to make buying labels easier. Today when loading pages on click and drop it will show you details from some random account each page load. We saw details of other businesses' orders and customer addresses before we logged out and called them about it. We asked another business if they noticed the same and they confirmed that they had.
A similar event occurred on the Steam Store in 2015 due to a caching problem: https://arstechnica.com/gaming/2015/12/valve-explains-ddos-induced-caching-problem-led-to-xmas-day-steam-data-leaks-and-downtime/
It seems like good practice is to check data retrieved from the cache is what is expected, e.g. the user id from the cache matches the logged-in user id. Unfortunately, most devs don't think there is ever a need to check that until it fails.
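One way to implement the check suggested in the comment above, as an added example (not code from the thread or from Royal Mail). All names and sample data are constructed, and the cache key deliberately omits the user to simulate a misconfigured shared cache:

```python
from dataclasses import dataclass, field

# Constructed sample data: two accounts and their orders.
ORDERS = {"acct-1": ["order 1001 -> 1 High St"],
          "acct-2": ["order 2001 -> 9 Mill Lane"]}

def load_orders(user_id):
    """Origin lookup, always scoped to the authenticated user."""
    return list(ORDERS[user_id])

@dataclass
class OwnerCheckedCache:
    store: dict = field(default_factory=dict)       # stands in for Redis/memcached
    mismatches: list = field(default_factory=list)  # would feed alerting

    def put(self, key, session_user, body):
        # Store the owner alongside the payload so reads can verify it.
        self.store[key] = {"owner": session_user, "body": body}

    def get(self, key, session_user):
        entry = self.store.get(key)
        if entry is None:
            return None
        if entry["owner"] != session_user:
            # Fail closed: record the event, evict the entry, report a miss.
            self.mismatches.append((key, entry["owner"], session_user))
            del self.store[key]
            return None
        return entry["body"]

def orders_page(cache, session_user, path="/orders"):
    key = path  # simulated bug: the key does not include the user
    body = cache.get(key, session_user)
    if body is None:
        body = load_orders(session_user)
        cache.put(key, session_user, body)
    return body

def unchecked_orders_page(store, session_user, path="/orders"):
    """Same keying bug with no owner check: serves whatever is cached."""
    if path not in store:
        store[path] = load_orders(session_user)
    return store[path]
```

The owner check turns a cross-account disclosure into a cache miss plus a logged mismatch, which is also the signal that the keying is broken.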
One time years ago I visited YouTube and for a few minutes I was logged in as a different user (some guy from North Europe). I could look at their Google profile, etc. It was crazy. I don't think I've ever told anyone (how would it come up?) but this reminded me of it.
Now currently down for planned maintenance. EDIT: https://clickanddrop.statuspage.io/incidents/8cd3bf2qyz5h
Anyone else believe Royal Mail parcel details are getting siphoned off at some point and sold to scammers? Every time I get a parcel through them I get a phishing SMS about the parcel.
When I created Amazon account I had some French delivery address and some card. I tried to use it, but they asked for CVV. So I deleted it. And added new one. The account was new and I never used Amazon before. I did receive the book though.