Ah.nl accidentally released login password of ten thousand accounts

Nov

9

2018

– update
The site of Albert Heijn unintentionally released the log-in names and password of some ten thousand users to service providers, in an url. AH informed affected users by e-mail. They must set a new password.

According to Albert Heijn, the login names and passwords were ‘briefly’ visible in urls. This was due to a programming error in the software that makes login to the site possible. According to the spokesperson of AH, the data have only been provided by service providers. AH has asked those providers to delete the data.

“No unusual activity was observed with regard to log-in data or user accounts,” says Albert Heijn. As a precaution, the supermarket chain has blocked the passwords of the relevant accounts, so that the affected users must set a new password. For this they must request a link via ‘Forgot password’.

Recently users can log in to ah.nl with their Bol.com address. The speech from Albert Heijn emphasizes that this information has not been released due to the programming error.

Albert Heijn has reported the data breach to the Dutch Data Protection Authority.

Update, 12.17 : The AH spokesperson reports that data from Bol.com accounts were not part of the data breach. The company also reports that only certain service providers could see the login names and passwords via the url and that the data about https were sent and therefore encrypted. This was initially different in this article. The data can not be found unencrypted in the logs via public Wi-Fi networks.

Viewing:-44

In: A Technology & Gadgets Asked By: [20969 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »