720,000 order data leaked, Blokker website bug lasted for months!

Blokker Holding is an omnichannel retailer in the Netherlands. It owns 2,825 chain stores and is vigorously developing the e-commerce economy. It is currently active in twelve countries .

Recently, Blokker was exposed to a major bug on its website , which resulted in the leakage of order data and information of hundreds of thousands of customers, and this situation lasted for several months.

A large amount of information was leaked, involving 720,000 users

Customer Loek van Tongeren, who wanted to order windshield wipers on the Blokker website , discovered the problem while ordering last week.

Initially, he tried to order online via his mobile phone but cancelled the transaction midway as he preferred to use his computer for remote banking payments. But when he logged in again on his computer, he noticed that the €11.50 had been deducted even though he had not yet placed the order.

Loek said that although the money was later fully refunded, another problem also arose. When he checked his order information, he found that any user could browse other people's order data just by changing the order number . Not only can you see exactly what products other customers have ordered, but you can also track the names and address details of these customers, as well as phone numbers .

Eventually, Loek disclosed the incident to the media Opgelicht , which attracted a lot of public attention. It is understood that the current order leak case involves 720,000 online customers , whose information has been exposed on the website in recent months.

If data is downloaded, the risk of fraud is high

Regarding the order information leak, Blokker said that the data leak occurred when transitioning to the new website . At present, the website vulnerability has been completely fixed and the incident has been reported to the Dutch Data Protection Authority .

Blokker apologized to its customers and said it would do everything it could to prevent future leaks, but did not disclose the number of customers that might have been affected .

A Blokker spokeswoman said : " We are not aware of any misuse of data . " She also stressed : " In no case do customers' banking or payment details have access to it. "

Hiding bank card information reduces the damage to customers to a certain extent, but it does not mean there is no danger. It is reported that the leakage of a large amount of order information poses a huge risk of identity fraud . For malicious groups with fraudulent intentions, this incident is undoubtedly "giving roses to others" .

Hacker Sijmen Ruwhof said about the " data leak " that hackers were able to retrieve all the data from more than 720,000 orders in one day and download it . Moreover, it is easy for even amateurs to do it , so it is very dangerous.

But Ruwhof added that the leak was easy to fix , so retailers need to pay more attention to website operations and do a good job of daily maintenance to avoid similar incidents.

Blokker

data

Give way