Gorillas supermarket delivery service – Data security

Data security is the principle and practice of protecting digital information from unauthorized access, corruption, or theft throughout its entire lifecycle. In the age of digital transformation, data security is a must. We have seen that when a business organization shares this kind of information, it can increase cybersecurity risks in countries worldwide. In addition to information on customer activity and incident response capabilities, our customers expect us to produce an accurate assessment of how well we anticipate threats, so that they can get better responses. Customers ask for privacy: they do not want to share their private data. But they also expect that even when the company is no longer required to by law or regulation, it will continue to protect them in a way that protects both customers and providers. That is a reasonable expectation, given that the law is aimed at protecting customers' rights and, necessarily, keeping them safe.

Security experts have shown that the Gorillas delivery service had glaring deficiencies in data security: 200,000 customer data records could be read out without any problems. The gap is said to have been closed in the meantime. At the Berlin delivery service Gorillas, so-called pickers put together the ordered goods, which are then delivered by so-called riders by bike. The whole process, from order to delivery, is supposed to take under an hour. The service is popular and already active in more than 15 cities in four countries.

A recently completed financing round brought the startup another 290 million US dollars. The service plans to use the money to expand into 50 other cities very quickly, and other countries, including the USA, are now to be opened up. Rapid expansion often suggests rapid, often too rapid, development of critical software. The experts from Zerforschung wanted to check the service for this very factor and came to unexpected results very quickly.

The researchers found a lot of background information on the developer structure behind the Gorillas app simply by logging the data traffic that the app triggers on the end device and by looking at the source code of unprotected HTML, JavaScript and configuration files. But they also found loopholes that would have allowed scamming and phishing. The most impressive discovery is probably that, with any valid customer access ID, it was possible to access all stored customer, order, and delivery data via the GraphQL client.

Combined with another finding, the ability to send e-mails via a service provider on behalf of Gorillas, this would make a perfidious scam possible. The researchers outline a scenario in which customers' credit card details are phished by telling them that, with their last order on xx, there were difficulties with the payment for this and that product with a total value of xx euros, and that they should please go to URL XYZ and reconfirm their card details there. With a potential of around 200,000 customers, the danger is obvious. Customers' privacy is not safe.
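The access-control gap described above, where any valid customer access ID unlocks every record through GraphQL, amounts to authentication without per-record authorization. The sketch below is an added example, not code from Gorillas or Zerforschung: the resolver names, tokens and records are hypothetical and constructed, and it contrasts a resolver that only checks for a login with one that scopes every lookup to the caller.

```javascript
// Added example; every name and record here is hypothetical and constructed.
const ORDERS = [
  { id: "o1", customerId: "c1", items: ["milk"], address: "Constructed Street 1" },
  { id: "o2", customerId: "c2", items: ["bread"], address: "Constructed Street 2" },
  { id: "o3", customerId: "c1", items: ["eggs"], address: "Constructed Street 1" },
];

// A valid token only establishes who the caller is (authentication).
const TOKENS = new Map([["token-c1", "c1"], ["token-c2", "c2"]]);

function buildContext(token) {
  const customerId = TOKENS.get(token);
  if (!customerId) throw new Error("UNAUTHENTICATED");
  return { customerId };
}

// Weak: checks that a caller is logged in, never whose data is requested.
const weakResolvers = {
  orders: (_parent, _args, ctx) => {
    if (!ctx.customerId) throw new Error("UNAUTHENTICATED");
    return ORDERS; // every customer's orders
  },
  order: (_parent, { id }, ctx) => {
    if (!ctx.customerId) throw new Error("UNAUTHENTICATED");
    return ORDERS.find((o) => o.id === id) || null; // no ownership check
  },
};

// Hardened: every lookup is scoped to the authenticated customer.
const safeResolvers = {
  orders: (_parent, _args, ctx) =>
    ORDERS.filter((o) => o.customerId === ctx.customerId),
  order: (_parent, { id }, ctx) => {
    const found = ORDERS.find((o) => o.id === id);
    // Same answer for "missing" and "not yours", so ids cannot be probed.
    return found && found.customerId === ctx.customerId ? found : null;
  },
};
```

The ownership check belongs in the resolver or data layer on the server, because restrictions enforced only in the app's own queries do not bind a client that sends different ones.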
