Categories: NewsSecurity

Major Online Retailer Let Customers Authenticate Without a Password for Over a Year

Everyone in the world is well aware of how consumer privacy is only taken semi-seriously by most service providers. Some companies do a better job than others, but there are very troublesome exceptions on the other end of the spectrum as well. One Hong Kong-based online retailer feels password protection is optional. Users can sign into their private account by just providing an email address. This platform is evidently asking for trouble.

A Bad Password is Better Than no Password

We live in the year 2017 and for some reason, there are still sites who feel passwords are an optional security measure. While it is true a lot of consumers use

terrible passwords to protect their accounts and information, the option should always be there as a minimum security measure. Strawberrynet, a well-known Hong Kong online retailer, feels passwords are a thing of the past. Instead, they let users log in with just an email address, which is anything but secure.

It is unclear why the company cares so little about customer privacy, though. Considering the platform is often visited by people who want to buy things – and store their payment information accordingly – such a lack of protection is absolutely disgusting. An express checkout feature is one thing, but not asking for any form of proper authentication is just mind boggling.

One could argue this is a temporary measure which is currently being addressed by the Strawberrynet site developers. Unfortunately, that is not the case, as the entire platform has been built purposefully to avoid using passwords for the express checkout system. There is no reason anyone can justify such a decision, that much is certain. Moreover, it is impossible to comprehend no one pointed out this issue before and made a big deal of it.

Related Post

In fact, one security researcher started investigating the platform in August of 2016. By correctly “guessing” an email address, he was able to view that particular customer’s name and address, as well as home and mobile phone numbers. Thankfully, no payment information was exposed, even though this clear lack of protection is still quite worrisome. Moreover, the researcher could modify existing account data except for payment information, which is not a good sign.

Don’t be mistaken in thinking Strawberrynet is not aware of this problem. The researcher reported his findings to the company, who promptly replied how “authenticating with just an email address provides sufficient security.” Such a lackluster stance toward proper consumer information protection is absolutely unacceptable. The company started obfuscating customer information, but a click “View Source:” of the web page still shows sensitive information stored in clear text values.

After facing a ton of public backlash for this security issue, it now appears Strawberrynet will finally let customers opt-in to enable password security. It only took them nearly a full year to finally implement a security feature which should have been present from day one. Anyone who takes their online privacy seriously and uses Strawberrynet for shopping purpose should move to a different platform asap.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Plus Wallet: Top Crypto Wallet for Massive Rewards

Plus Wallet—Where Effortless Crypto Management and Rewards Align Perfectly In the world of cryptocurrency management,…

32 mins ago

Aptos (APT) and Tron (TRX) Prices Slide, As Volume Soars For Rollblock Suggesting Parabolic Rally

As Aptos and Tron prices take a recent downturn, the spotlight shifts to Rollblock, whose…

8 hours ago

Altcoins to Watch in November: Binance Coin (BNB), Rollblock (RBLK), and Neiro (NEIRO)

As the crypto markets roll into their most bullish time of year, we present three…

8 hours ago

Analysts Forecast $1 for Cardano and Lunex Network As Dogwifhat Plunges To Former Lows

As the crypto market prepares for a major rally, experts believe that two top altcoins,…

8 hours ago

Retail Traders Panic Sell During ‘Fake Dip’; Whales Hold Tight to SOL, DTX, and SHIB for a Millionaire-Maker Bull Run

Solana (SOL): A Strong Ecosystem Despite Volatility Solana (SOL) has been all over the place…

9 hours ago

Llama 3.2 Predicts Price For Dogecoin: $2 Peak By 2025 And $5 Rally For DTX Exchange This Winter

Cryptocurrency trends are keen on the forecast that was recently released by Llama 3.2 model…

10 hours ago