TP LINK – RMA Website Failure to protect customers data revealing credit card numbers details & addresses.

TP LINK – RMA Website Failure to protect customers data revealing credit card numbers details & addresses.

Link still live as of 18:33 GMT 25th January 2017

https://warranty.uk.tp-link.com/MyProduct.aspx

Earlier today i brought to the attention of TP Link UK customer services my severe concerns that my invoice for a modem i purchased was public viewable to anyone  with access to a web browser via an unprotected URL link. Luckily i purchased this modem with cash in PC World, otherwise my credit card number would be viewable online as well as my name and address making it easy pickings for identity theft.

I was returned with the following email:

 

I then decided to look further into this issue with the website security.  This website is where anyone in the UK would register a product manufactured by TP Link, and part of registration involves uploading your receipt to validate the warranty period which usually carries your name address and sometimes credit card details depending on where you purchased it.

I logged out of my account and pasted the following url into my web browser https://warranty.uk.tp-link.com/MyProduct.aspx  which I had cleared all the cookies and saved password and history. It supplied me with 2 customers invoices that could be viewed fully without any login.

Here are a sample of the customers invoices which i have redacted to protect them.

This is yet another example of a company owned and operated from China which has taken a blatant disregard for its customers privacy and security.

I urge you all to check and ask for your information to be removed from this insecure companies website, as your data is publicly available to any hacker or cyber criminal to steal your information.

 

If you need any further help or advice in this matter please feel free to contact us on the contact link and we will try our best to get back to you in a timely manner.