Hi,
Recently - maybe a couple of weeks ago? - I noticed that my saved multi-cam setup wasn't what it should be. I figured there'd been some sort of update to the cams and set them back to my preference and went on my way. They kept resetting to different cams and it wasn't until more recently that I noticed that I could comment on news/articles as "Kham".
I am not Kham, but I am logged into their account instead of my own. I never logged in as Kham: I don't know their password, or account details (except now I do, as per below), and haven't logged in for months - I use the "remember me" login feature. I can only assume there was some sort of mistake/vulnerability that's caused the cookies on this browser to be attributed to Kham's account instead of my own. If I log in on a different browser, it correctly logs in on my normal account.
This is concerning! If I go to "My Account" I can see a bunch of Kham's personal details, and have the power to see and change/update/cancel their subscription. This potentially includes full name, address, shipping address, Facebook and Google accounts, and (in this case) some PayPal information, but perhaps this could be either credit card or bank details if they have a different payment method. I haven't, and wouldn't, exploit this access but I can think of a bunch of ways to both irritate and cause actual harm with the access I have now.
What concerns me most is that someone else has a similar level of access to my account - or that multiple accounts have been compromised and this cookie switch (assuming that's what it is) is a side effect of someone gaining more serious access to databases or similar.
I originally sent a message through the Contact Us form, including the basic suggestion that all cookies should be invalidated (at least), so as to prevent this sort of low-effort unintentional exploit, but it's been a few days and there's been no action so here it is again on the forums: I know it's a surf website not a bank account but with someone's full name, email, home and billing addresses, and some payment details it would be very possible to ruin someone's day, or worse, and at the very least cookies should be rotated (assuming that's the actual problem).
Looking forward to hearing about a resolution,
not Kham but unintentionally using their account.
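
The "invalidate all cookies" and "rotate cookies" requests in the post above, sketched as an added example that is not part of the original post and not the site's own code. How the site really stores "remember me" logins is unknown; the class, its method names and the sample account ids are hypothetical.

```python
import hashlib
import hmac
import secrets


class RememberMeStore:
    """In-memory stand-in for a server-side persistent-login table (hypothetical)."""

    def __init__(self):
        self._rows = {}   # selector -> (user_id, sha256(validator), epoch)
        self._epoch = 0   # bumped to invalidate every outstanding cookie

    def issue(self, user_id):
        """Create a cookie value bound to exactly one account."""
        selector = secrets.token_urlsafe(12)
        validator = secrets.token_urlsafe(32)
        digest = hashlib.sha256(validator.encode()).hexdigest()
        self._rows[selector] = (user_id, digest, self._epoch)
        return f"{selector}:{validator}"

    def verify(self, cookie):
        """Return (user_id, replacement_cookie), or None if the cookie is invalid."""
        selector, sep, validator = cookie.partition(":")
        # Single use: the row is removed whether or not the check succeeds.
        row = self._rows.pop(selector, None)
        if not sep or row is None:
            return None
        user_id, digest, epoch = row
        presented = hashlib.sha256(validator.encode()).hexdigest()
        if epoch != self._epoch or not hmac.compare_digest(presented, digest):
            return None
        # The account comes from the server-side row, never from the cookie,
        # and the caller must set the rotated cookie on the response.
        return user_id, self.issue(user_id)

    def revoke_user(self, user_id):
        """Drop every persistent login for one account."""
        self._rows = {s: r for s, r in self._rows.items() if r[0] != user_id}

    def revoke_all(self):
        """Invalidate every outstanding remember-me cookie at once."""
        self._epoch += 1
```

After `revoke_all()` every browser has to log in with a password again, which also re-binds each browser to the account whose credentials were actually entered.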