Wednesday, 2 October 2013

Security Flaw at Tradus.com

Your personal information is at risk when shopping at the Tradus.com website.

After a routine visit to Tradus.com, I thought of recharging my mobile from my iPad with the promo code "MOTAB1". After selecting the provider, I authenticated using my Facebook account to recharge my mobile. Soon after clicking the "Proceed" button on the shopping cart (Step 1), I saw someone else's contact details (i.e., shipping and billing addresses) instead of my (logged-in) address (i.e., on Step 2).

I think this is a major security flaw at the Tradus shopping site. This way there is a potential risk to customers' personal information. Tradus is losing its credibility.

Try this at home ... if you don't believe me.

Screenshot:



Mothukuru Sreenivas
www.msreeni.com

*******************************************************************************

Tradus Privacy Policy

*******************************************************************************
At tradus.com, we believe strongly in protecting the privacy of your personal information, and in using it only in ways that have been notified to you. This Privacy Policy is a legal document which principally sets out what personal information we collect and retain, how we use it, whom we may disclose it to, the security measures we take to protect that information, and how you can correct inaccuracies in the personal information we hold. You should read it in conjunction with the tradus.com Terms and Conditions.

If you have questions or concerns regarding this statement, you should contact tradus.com's customer service.

The full policy is displayed below:

ibibo respects your privacy and recognizes the need to protect the personally identifiable information (any information by which you can be identified, such as name, address, and telephone number) you share with us. We would like to assure you that we follow appropriate standards when it comes to protecting your privacy on our web sites.

In general, you can visit the Website without telling us who you are or revealing any personal information about yourself. [We track the Internet address of the domains from which people visit us and analyze this data for trends and statistics, but the individual user remains anonymous.]

Some of our web pages use "cookies" so that we can better serve you with customized information when you return to our site. Cookies are identifiers which a web site can send to your browser to keep on your computer to facilitate your next visit to our site. You can set your browser to notify you when you are sent a cookie, giving you the option to decide whether or not to accept it. The information we collect and analyze is used to improve our service to you.

There are times when we may collect personal information from you such as name, physical address or telephone number. It is our intent to inform you before we do that and to tell you what we intend to do with

...

*******************************************************************************

1 comment:

  1. Hey Shweta,
    Although I spoke to you on the phone ... just want to make it clear that nobody hacked your Tradus account. It is a security bug at Tradus.com. FYI - I marked your address and billing fields in black color in the attached image. If not at Tradus ... your personal information (house address, phone number, etc.) is at least safe with me. Rest assured. Enjoy and happy shopping at secure shopping sites :)

    -Sreenivas
