Security Horror Story: Accidentally exposing PII data
A software development team working under immense pressure and with an unclear project vision accidentally exposed Personally Identifiable Information (PII) data. The issue arose when they added a feature to their mobile app that allowed users to claim properties, exposing the UUID of user profiles in JSON format. This leakage connected physical addresses to email addresses, compromising user privacy. The fix was simple but the aftermath involved numerous questions and paperwork. Lessons learned included implementing proper logging, reviewing data models, and promoting security awareness within the development process.
Company
Snyk
Date published
Oct. 25, 2021
Author(s)
Brian Vermeer
Word count
1008
Language
English
Hacker News points
None found.