Kids Pass tries to explain why it gave folks reporting the security hole the virtual middle finger
A UK web biz has been slammed for blocking people on Twitter just for reporting a security vulnerability that potentially leaked people's contact details.
Kids Pass – a Cheshire-based outfit that offers more than 500,000 folks discount vouchers for family activities – was alerted over the weekend, via Twitter, that its code was insecure.
By making a simple tweak to a URL on the site while activating an account, someone could get access to strangers' personal information.
The signup process goes as follows:
A new member goes to kidspass.co.uk and inputs their details and credit card number on the site, and clicks a button join.