Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Beer Security

BrewDog Exposes Data of 200,000 Customers and Shareholders (techradar.com) 13

An anonymous reader quotes a report from TechRadar: BrewDog, one of the world's largest craft beer brewers, has exposed personally identifiable information (PII) belonging to more than 200,000 of its shareholders and customers, according to cybersecurity researchers. Cybersecurity consulting firm PenTest Partners discovered that a flaw in the official BrewDog app, which persisted for more than 18 months, made it easy for anyone to access the PII of other users. In its detailed report, PenTest Partners notes that the mobile app doled out the same hard coded API Bearer Token, which effectively rendered request authorization useless. The researchers say that, thanks to the flaw, any user could append the customerID of another user to the API endpoint URL to extract their PII and other details. In addition to being damaging to the user, the flaw could've also been used to adversely affect the company since the leaked details could've been used to generate QR codes to get discounted and even free beers. BrewDog started using hard-coded tokens with v2.5.5 of its app, launched in March 2020, before finally patching the flaw in v2.5.13 release in September 2021.
This discussion has been archived. No new comments can be posted.

BrewDog Exposes Data of 200,000 Customers and Shareholders

Comments Filter:
  • by bobstreo ( 1320787 ) on Friday October 08, 2021 @03:48PM (#61873553)

    I want free beer for a year.

  • Were the developers drunk when they wrote the app? Don't drink and code, guys.
  • by quonset ( 4839537 ) on Friday October 08, 2021 @05:04PM (#61873739)

    a flaw in the official BrewDog app

    This is exactly why I do not own a "smart" phone. Relying on programmers to create something useful and safe is an anachronism, especially when it comes to selling. Pick any company which has an "app" and you are guaranteed to find something similar. This on top of them tracking what you do.

    Just say no to "apps". Fuck the companies.

    • This is exactly why I do not own a "smart" phone. Relying on programmers to create something useful and safe is an anachronism

      he exclaimed with conviction while using a highly complicated piece of electronics running millions of lines of code while also connected to a global computer network.

    • You can have a smartphone without using third party apps. Of course, some companies don't have websites which do what an app does. Fuck 'em.

      I am always super irritated when something requires an app, and do my best to avoid it. And right now I'm using a phone without play services or a substitute, so I can't run most apps on the play store anyway... web interface or GTFO

  • by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday October 09, 2021 @08:14AM (#61874765) Homepage Journal

    BrewDog, one of the world's largest craft beer brewers

    Then why have I never heard of them or of literally any of their products, even though I've gone to literally dozens of beer festivals?

  • by ffkom ( 3519199 ) on Saturday October 09, 2021 @08:15AM (#61874769)
    Excuse my ignorance, but my understanding was that "craft beer" means a kind of beer that is brewed in small quantities, and often at the same location where it is sold and consumed. "World's largest" sounds more like "industrial beer production, far from any craft".
    • It doesn't mean anything really. It vaguely means handcrafted, but all beer features human intervention from brewmasters, even giant-tank beers like buttwiper. If it means anything of substance, it's "independently owned".

Time is the most valuable thing a man can spend. -- Theophrastus

Working...