Categories: NewsSecurity

Major Online Retailer Let Customers Authenticate Without a Password for Over a Year

Everyone in the world is well aware of how consumer privacy is only taken semi-seriously by most service providers. Some companies do a better job than others, but there are very troublesome exceptions on the other end of the spectrum as well. One Hong Kong-based online retailer feels password protection is optional. Users can sign into their private account by just providing an email address. This platform is evidently asking for trouble.

A Bad Password is Better Than no Password

We live in the year 2017 and for some reason, there are still sites who feel passwords are an optional security measure. While it is true a lot of consumers use

terrible passwords to protect their accounts and information, the option should always be there as a minimum security measure. Strawberrynet, a well-known Hong Kong online retailer, feels passwords are a thing of the past. Instead, they let users log in with just an email address, which is anything but secure.

It is unclear why the company cares so little about customer privacy, though. Considering the platform is often visited by people who want to buy things – and store their payment information accordingly – such a lack of protection is absolutely disgusting. An express checkout feature is one thing, but not asking for any form of proper authentication is just mind boggling.

One could argue this is a temporary measure which is currently being addressed by the Strawberrynet site developers. Unfortunately, that is not the case, as the entire platform has been built purposefully to avoid using passwords for the express checkout system. There is no reason anyone can justify such a decision, that much is certain. Moreover, it is impossible to comprehend no one pointed out this issue before and made a big deal of it.

Related Post

In fact, one security researcher started investigating the platform in August of 2016. By correctly “guessing” an email address, he was able to view that particular customer’s name and address, as well as home and mobile phone numbers. Thankfully, no payment information was exposed, even though this clear lack of protection is still quite worrisome. Moreover, the researcher could modify existing account data except for payment information, which is not a good sign.

Don’t be mistaken in thinking Strawberrynet is not aware of this problem. The researcher reported his findings to the company, who promptly replied how “authenticating with just an email address provides sufficient security.” Such a lackluster stance toward proper consumer information protection is absolutely unacceptable. The company started obfuscating customer information, but a click “View Source:” of the web page still shows sensitive information stored in clear text values.

After facing a ton of public backlash for this security issue, it now appears Strawberrynet will finally let customers opt-in to enable password security. It only took them nearly a full year to finally implement a security feature which should have been present from day one. Anyone who takes their online privacy seriously and uses Strawberrynet for shopping purpose should move to a different platform asap.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Top Secrets to Identifying the Best Crypto to Buy This Week Before It’s Too Late!

In a world where the digital economy is growing at lightning speed, the race to…

12 hours ago

NYC Entrepreneur Wins Big with BTC: BlockDAG Could Be Next

Mia Sanders, NYC Entrepreneur, Made Millions by Investing in BTC: Could BlockDAG Be Next for…

1 day ago

Miami Artist Earns $5.2M with Solana: BlockDAG’s Future Prospects?

A Miami Artist's $5.2M Solana Success: Does BlockDAG Hold Equal Promises for 30,000x ROI? Success…

2 days ago

Chainlink And Aptos Investors Migrate To The Presale Of New Crypto Instant Funding Prop Firm FXGuys ($FXG)

Recent market trends show that the new DeFi coin, FXGuys ($FXG), has been the go-to…

2 days ago

Polkadot Price Prediction; Can XLM’s Rally Hold Strong as New Crypto Brings Passive Income? 

Curious about where the Polkadot price is headed? Or maybe you’re wondering if XLM’s rally…

2 days ago

Best Crypto Presale to Watch: Could This Be the Next 9000% Breakout Star?

Any investor can achieve outstanding profit by selecting the best crypto presale in the growing…

2 days ago