Pizzahut Malaysia has this so called online ordering system. It has a very bad security feature: once you key in a valid phone number which has ordered before, you will be able to see the personal information: Name, Address and comments (which Pizzahut uses to send the pizza to your doorstep), no verification needed!
How to test: Go to https://www.pizzahutonline.com.my/, under REGISTRATION, click Register and then key in a phone number which has been used previously to order from Pizzahut.

I have tried key in 3 numbers (old house, current house and office), all three return me the personal information of the person ordering.

This sucks big time! Imaging someone program a little software to loop all the phone numbers and get all the personal information they want and sell them to scammers (high court scam/lottery scam/kidnap scam)?

Little suggestion here: at least make the need of verification (thru SMS/land line) before you show the personal information, Mr. Pizzhut!

Popularity: 7% [?]

    Add to del.icio.us    Digg it    Fark it!

Related Articles

• What You Say, Singapore Government
• DiGi Malaysia Website Error
• Laman Web Malaysia Boleh (Malaysia Can Websites)
• Dell Website Error: XML Error: Start Tag Not matched With End Tag
• Malaysia KLSE IPO Listing

Latest Articles

• Who Design Nuffnang Site?
• Sample Letter To Terminate Your Slow Streamyx Account
• Malaysia KLSE IPO Listing
• G310M vs G330m
• Letter to Employees
• Reinvest-Key to Success?
• Water Jelly Experiment
• Sixthseal Coca Steamboat Set Meal Giveaway
• Not Your Average Super Hero
• Fishing My Way To Made Of Honor

	Web www.iTechBlog.com

RSS 2.0 | response | trackback