Unyoked from data privacy...
Christopher Talke Buscaino
If you know how to press a key combination of CTRL + SHIFT + I in a web browser, you'll be able to access most of unyoked.co business information and private customer data... let me show you in a few simple steps...
- Visit their website...
- Press
CTRL+SHIFT+I - Click on the
Applicationstab - Click on
Local Storage - Click on
unyoked.co - You now have access to leaked business and customer data...
With a few clicks, you can find out where Tegan from Hawthorn will be travelling to on the 19th May 2022.
Creepy right? The code developed for unyoked.co is forcefully storing this data on your computer, and all you need to do is visit their homepage.
I repeat, there was NO hacking, there was NO password stuffing, this required ZERO sql injections... all you need to do is simply visit their website, open development debugging tools and you can get access to this information. Another thing to mention is that this data will be accessible on your computer until you either delete all your browsing history or you physically destroy your computer.
I'm not going to dive into anymore information about how this is actually working, what implications this has for unyoked and their customers, or the number of other security issues this website has because it just hurts.
I just needed this to be out there as I've tried to get in touch with the guys from Unyoked before (see below) to get this fixed... and I'm not seeing any action.
I was told the following " we've discussed it with our developers ... we're having a further meeting with them to review their assessment and next steps from there.", however, almost twelve months on it has only gotten worse.
The sad part is... I really wanted to use their service, but after accidentally stumbling on this, and seeing how it has been handled... they've lost a customer.
