The UK’s Royal Mail Click & Drop service shut down on Tuesday after being made aware of a situation where some customers could see other customers’ orders.
Click & Drop gives Royal Mail’s customers the ability to buy and print postage for orders online. Royal Mail provided no details of how many customers’ data may have been compromised.
It is unclear what caused the issue, other than Royal Mail saying it came about following a “technical problem” and that it was working on fixing the “IT systems issue.”
From reactions on Twitter, it appears that customers who logged into their own account then had access to other customers’ account information, current orders, and order history.
[Image: Tweets from Click & Drop customers saying they saw other customers’ information]
For many customers, especially small and medium-sized web shop owners, the Click & Drop service is essential. Unfortunately, it took Royal Mail several hours to investigate and fix the issue. Even the next day, some customers were still unable to log in to Click & Drop. They were advised to solve the login problems by clearing their browser cache and cookies.
Three days later, users are still complaining about Click & Drop not processing payments, or getting double bills.
If further details become known we will keep you updated here.