If you know how to press a key combination of
I in a web browser, you'll be able to access most of unyoked.co business information and private customer data... let me show you in a few simple steps...
- Visit their website...
- Click on the
- Click on
- Click on
- You now have access to leaked business and customer data...
With a few clicks, you can find out where Tegan from Hawthorn will be travelling to on the 19th May 2022.
Creepy right? The code developed for
unyoked.co is forcefully storing this data on your computer, and all you need to do is visit their homepage.
I repeat, there was NO hacking, there was NO password stuffing, this required ZERO sql injections... all you need to do is simply visit their website, open development debugging tools and you can get access to this information. Another thing to mention is that this data will be accessible on your computer until you either delete all your browsing history or you physically destroy your computer.
I'm not going to dive into anymore information about how this is actually working, what implications this has for unyoked and their customers, or the number of other security issues this website has because it just hurts.
I just needed this to be out there as I've tried to get in touch with the guys from Unyoked before (see below) to get this fixed... and I'm not seeing any action.
I was told the following " we've discussed it with our developers ... we're having a further meeting with them to review their assessment and next steps from there.", however, almost twelve months on it has only gotten worse.
The sad part is... I really wanted to use their service, but after accidentally stumbling on this, and seeing how it has been handled... they've lost a customer.