User’s Privacy

Dhruval Shah
Feb 18, 2021

Hello readers,

I am Dhruval Shah, a Certified Ethical Hacker and a Bug Bounty Hunter, currently pursuing my final year of engineering in Computer Engineering. This is my first blog, so bear with me as I unfold my fresh thoughts/arguments.😅

Recently, I found a vulnerability on a website and tried to report it by mailing all the concerned authorities, but what I saw is that none of the associates were bothered about this vulnerability, and I think they do not value privacy. The vulnerability is an “Account Takeover”.

Account Takeover :- Account Takeover (ATO) is a form of identity theft in which a fraudster illegally gains access to a victim’s bank, e-commerce, or other type of account.

I found this vulnerability and reported it to the concerned authority. Others might not do the same; they might exploit this vulnerability and carry out malicious activities.

Above is the chat with one of the customer care associates which I tried reaching via the live chat option available on the website.

Later I thought of contacting the higher authorities directly regarding this matter so that they could take immediate action on it.

Above is the conversation between me and the Head of E-Commerce & Digital — Mr. Atul Shivnani. Since I can’t explain or share everything by mail, I asked him to contact me on my personal number so that I could give him all the further details. But again I found the same thing as with the customer care associates earlier: no reply.

So, one of my mates suggested writing a blog post about it and making it public, so that at least all our voices together could reach their deaf ears.

Apart from the malicious activities that others could carry out, it is very important for any company to respect the integrity and privacy of the people associated with it. I would like to ask the thebodyshop company representatives to contact me via the options mentioned below:

Linkedin: www.linkedin.com/in/talktodhruvalshah

Email: dhruvalshah921@gmail.com

If not contacted within 30 days of publishing this article, I have no option but to make this vulnerability public.

Thank you for reading.😊

UPDATE 1: After the blog was published, I was contacted by the Chief Information Security Officer, but when I tried replying to his email address I received an error message from the Mail Delivery Subsystem saying ”address not found”. Also, I tried reaching Mr. Atul Shivnani, but what I found is that he has BLOCKED my email address.

UPDATE 2: Thank you everyone for supporting me and the blog as well. The vulnerability has been accepted by the organization and will be fixed soon.