Researchers have used Twitter to alert Kids Pass, a Cheshire-based (that’s in the UK for all non-British readers) online voucher business, that its sign-up page allows unscrupulous users an easy opportunity to grab other people’s contact details. Was Kids Pass grateful for the heads-up? Not exactly. It responded to this helpful tip-off by blocking them on Twitter – at least temporarily.
Kids Pass (shouldn’t it have an apostrophe somewhere?) offers family activity discount vouchers to about half a million customers. Eagle-eyed voucher-seekers spotted that anyone logging in only needed to tinker slightly with a URL to gain access to other users’ personal data.
Kids Pass claims that it is installing new security measures on par with anything at Facebook or Tesla. The Information Commissioner’s Office (ICO) has been informed and is looking into the incident – including Kids Pass’ mediation steps.
It goes to show that it’s worth thinking twice about where you set up online profiles and accounts – is your information secure? What kind of information are you being asked to enter? If you can avoid sharing your credit card details, do it – one could argue that the risk of having them swiped is not worth the two minutes you save when entering your details for individual purchases.