DPD Groups‘ package tracking system has potentially been exploited to access the personally identifiable details of its clients.
DPD Group, a parcel delivery service with a global presence that ships around two billion parcels annually worldwide requires customers to track their parcels by entering a parcel code and a post code.
Pen Test Partners researchers explored the system, finding that they could try out parcel codes on API calls and retrieve OpenStreetMap addresses with the recipients position on the map.
The call only returns a screenshot of the map but it is fairly easy to derive the postcode using the street names depicted.
 
The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY
Follow Us
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
© 2015 – 2019 IT Security Guru – Website Managed by Calm Logic
This site uses functional cookies and external scripts to improve your experience.
Privacy settings
Privacy Settings / PENDING
This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.
NOTE: These settings will only apply to the browser and device you are currently using.
GDPR Compliance

source

You May Also Like

Unique cyber-attacks declined for the first time in 3 years

New data has found that unique cyber-attacks have declined for the first…

DatPiff’s users’ data available on hacking forum

Around 7.5 million DatPiff users‘ account credentials and emails are available to…