Adele fans have complained that a problem with a ticket-buying website led to them seeing other people’s shopping baskets, including personal details and credit card information.
The British singer is set for her first tour since 2011, and eager fans took to ticketing site Songkick this week, keen to see their idol perform in various arenas around Europe next year.
However, one fan, Kiran Farmah from Birmingham, tweeted that she was presented with someone else’s personal details.
“Got through to buying tickets but it came up with someone else’s screen with their card details & home address for SSE,” she wrote.
Another, Emma Harris from Woking, told the BBC a similar tale.
“After queuing for an hour and a half, we clicked the tickets we wanted [and] got pushed through to another screen but different tickets were selected,” she said.
“We went with these anyway because we thought otherwise we’d lose out. But when we got to the next screen, where you fill in your details, all of the boxes were already filled in with somebody else’s name, somebody else’s address and somebody else’s credit card number.”
Songkick apologized for the error, although it’s still unclear exactly what happened to expose users’ personal information.
“Due to extreme load experienced this morning, some of our customers were incorrectly able to preview limited account information belonging to other customers,” the firm said.
“We take the security of our users and Adele’s fans very seriously, and we apologize for the alarm we have caused to those purchasers who experienced issues.”
Paul Farrington, senior solution architect at Veracode, argued that the snafu was down to a “failure of security design and process.”
“It’s very likely that a combination of code review and Automated Static Analysis would have uncovered this problem before Adele arrived back at the top of the charts,” he added.
“Testing automation can help assess sites in minutes, giving developers peace of mind before their software encounters the public. Adversaries will be watching for other sites that use the same underlying ticketing technology to see if this discovery facilitates further data leakage.”
SOURCE: Phil Muncaster