DPD Parcel tracking flaw may have exposed customer data

DPD Groups‘ package tracking system has potentially been exploited to access the personally identifiable details of its clients.

DPD Group, a parcel delivery service with a global presence that ships around two billion parcels annually worldwide requires customers to track their parcels by entering a parcel code and a post code.

Pen Test Partners researchers explored the system, finding that they could try out parcel codes on API calls and retrieve OpenStreetMap addresses with the recipients position on the map.

The call only returns a screenshot of the map but it is fairly easy to derive the postcode using the street names depicted.

With the parcel code and matching postcode, unauthorised individuals could access other customers tracking pages displaying delivery information.

 

The post DPD Parcel tracking flaw may have exposed customer data appeared first on IT Security Guru.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt