E-Commerce Platform Vulnerabilities Enable Silent Account Takeovers
🔑 Security Researcher Exposes Silent Account Takeover Vulnerabilities in E-Commerce Platform. A cybersecurity researcher, Nillsx, detailed the discovery of three interconnected vulnerabilities—Insecure Direct Object Reference (IDOR), password reset poisoning, and a zero-click account takeover—on an e-commerce platform hosting over 300 stores. By manipulating account IDs, Nillsx accessed other users' personal data, and by exploiting the password reset feature changed store passwords without the owners' knowledge, enabling silent account takeovers. These flaws put every store on the platform at risk, underlining the importance of vulnerability assessments to protect user data. The researcher encourages companies to conduct thorough security evaluations to mitigate such risks.
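The two weaknesses named above, IDOR on account IDs and a password reset link built from the request's Host header, each shown as a vulnerable handler beside its hardened form. This is an added illustration, not code from the platform or from Nillsx's writeup; the account table and the `CANONICAL_HOST` value are constructed.

```python
import hmac
import secrets

# Constructed sample data: two store accounts on a shared platform.
ACCOUNTS = {
    "101": {"owner": "alice", "email": "alice@example.com", "reset_token": None},
    "102": {"owner": "bob",   "email": "bob@example.com",   "reset_token": None},
}
# Assumed platform hostname, pinned in server-side configuration.
CANONICAL_HOST = "shop.example.com"


# --- IDOR: the handler trusts whatever account_id the request carries ------
def get_account_vulnerable(session_user, account_id):
    # Any logged-in user can read any account just by changing the id.
    return ACCOUNTS[account_id]


def get_account_fixed(session_user, account_id):
    acct = ACCOUNTS.get(account_id)
    # Authorize on ownership, not on the caller merely knowing the id.
    if acct is None or acct["owner"] != session_user:
        raise PermissionError("not your account")
    return acct


# --- Reset poisoning: the emailed link is built from the Host header ------
def reset_link_vulnerable(account_id, request_headers):
    token = secrets.token_urlsafe(32)
    ACCOUNTS[account_id]["reset_token"] = token
    # A request-supplied Host header ends up in the link the owner receives.
    return f"https://{request_headers['Host']}/reset?token={token}"


def reset_link_fixed(account_id, request_headers):
    token = secrets.token_urlsafe(32)
    ACCOUNTS[account_id]["reset_token"] = token
    # Ignore the request's Host entirely; use the configured hostname.
    return f"https://{CANONICAL_HOST}/reset?token={token}"


def consume_reset_token(account_id, token):
    # Single-use token, compared in constant time.
    stored = ACCOUNTS[account_id]["reset_token"]
    if stored is None or not hmac.compare_digest(stored, token):
        return False
    ACCOUNTS[account_id]["reset_token"] = None
    return True
```

The fixed reset handler still needs the token to be single-use and short-lived, which `consume_reset_token` covers for the single-use part.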
