KLM leaked data customers: private data easily collected

56 points by dveeden2, over 1 year ago

7 comments

dang, over 1 year ago
I know that automatic translation has gotten pretty good, but there's still an uncanny valley that leads to confusion in the comments, as happened here. So please don't post automatic translations.

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&query=by%3Adang%20english-language%20site&sort=byDate&type=comment

jeroenhd, over 1 year ago
Looks like they blocked the NOS office afterwards (not during, or there wouldn't have been this much of a problem): https://mastodon.social/@schellevis/111600856003113225

Can't be the subject of any negative news stories if you block all the journalists, right?

janmo, over 1 year ago
I was recently shocked when using my banking app: you type the account number of another customer at the same bank (6 to 7 digits) and the app will fill out the name of the account owner (and ask you to check it is the person you want to send the money to). I really felt uneasy about it and hope they limit this kind of lookup to a certain number of requests per user/day, or someone could easily get access to all of the bank's customer names and their respective account numbers. This would be insanely dangerous.

lbriner, over 1 year ago
Anyone who uses the phrase "we take security seriously" after doing something so basically wrong should go to prison.

These aren't new or advanced or zero-day, they are well-documented types of vulnerabilities that have existed forever. If you are struggling with short text messages then buy a shorter domain name and keep the codes longer and less guessable.

halz, over 1 year ago
It appears the short 'magic link' was along the lines of https://www[.]klm[.]nl/s/AbCdEf

codeptualize, over 1 year ago
Six characters.. makes you wonder how this made it into production with no one sounding the alarms

pxeger1, over 1 year ago
The headline doesn’t seem perfectly accurate (aside from being grammatically incorrect). This issue was discovered by security researchers, and there’s no evidence it was actively exploited by real hackers. (If it was, KLM would have to report it to the authorities, and then we’d surely know about it.)

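Added example, not part of the thread and not KLM's code: a Python illustration of the two mitigations commenters raise above (longer, less guessable codes, and a cap on lookups per client), together with the arithmetic behind the "six characters" concern. The 62-character alphabet, the live-link count, the `MagicLinks` class and all of its parameters are assumptions made for illustration.

```python
import hashlib
import secrets
import time

SHORT_SPACE = 62 ** 6   # assumption: six chars from [A-Za-z0-9], as "AbCdEf" suggests
LONG_SPACE = 2 ** 128   # 16 random bytes from the OS CSPRNG


def expected_guesses(keyspace, live_links):
    """Mean number of uniformly random guesses before one matches a live link."""
    return keyspace / live_links


class MagicLinks:
    """Hypothetical link store: hashed 128-bit tokens, expiry, per-client miss cap."""

    def __init__(self, ttl=3600, max_misses=5, window=600):
        self.ttl, self.max_misses, self.window = ttl, max_misses, window
        self._links = {}    # sha256(token) -> (booking_ref, expires_at)
        self._misses = {}   # client id (assumed: IP or session) -> miss timestamps

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, booking_ref, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)   # 22 URL-safe characters
        self._links[self._key(token)] = (booking_ref, now + self.ttl)
        return token

    def resolve(self, token, client, now=None):
        """Return ("ok", ref), ("miss", None) or ("throttled", None)."""
        now = time.time() if now is None else now
        recent = [t for t in self._misses.get(client, []) if now - t < self.window]
        self._misses[client] = recent
        if len(recent) >= self.max_misses:
            return ("throttled", None)      # refuse before touching the store
        entry = self._links.get(self._key(token))
        if entry is None or entry[1] <= now:
            recent.append(now)              # unknown and expired look identical
            return ("miss", None)
        return ("ok", entry[0])


if __name__ == "__main__":
    live = 1_000_000                        # constructed number of active links
    print(f"6-char codes:   ~{expected_guesses(SHORT_SPACE, live):,.0f} guesses per hit")
    print(f"128-bit tokens: ~{expected_guesses(LONG_SPACE, live):.2e} guesses per hit")
```

With the assumed figures, a six-character code space is small enough that the lookup cap is the only thing standing between a link and random discovery, whereas a 128-bit token does not depend on the cap at all.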