Blog

Staples May Have Exposed Some Of Its Customer Data

Sep 28, 2020 | Blog

If you’re a customer of US retail chain Staples, you may have recently received a notification from the company regarding a problem with their Order Tracking system.

According to information in the notification, the data was left exposed due to insufficient protections of the data stream accessed when a customer clicked to review their current and past orders.

The company stressed that to this point, there is no evidence that any exposed data has been accessed by third parties and no unauthorized purchases have been detected.

Although the company has now fixed the issue, the lack of specifics in the company notification led to speculation that the company may have been hacked. This speculation was given teeth by a recent tweet from the threat intelligence company, Bad Packets. They revealed that Staples was slow to patch a number of their Pulse Secure VPN servers, which were vulnerable to CVE-2019-11510.

Although the company has neither confirmed or denied the claim made by Bad Packets, the company outlined an all too plausible way that a hacker could have accessed order data, including the order’s shipping address.

Here’s how that could have happened:

Staples’ order tracking portal allows you to enter in your zip code and order number to track your package, but the order numbers are sequential. So starting with an exposed order number, a hacker could access the route of a package to the city and state, which would give them a short list of possible zip codes. Trial and error would do the rest, and the hacker would end up with your name, address, and at least some information about how you paid for the purchase, although payment card information itself would not have been exposed.

In any case, it’s all speculation and the issue has been fixed. Out of an abundance of caution, if you are a Staples customer, keep a watchful eye out on the payment card you use to make purchases from the company, and track your existing orders more closely to be sure you get everything you paid for.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech