solarforceflashlight-sales.com - member list accessible by public

Deleted

Well that sucks.

Edit: Found myself, and a couple of others I know by name. Gonna see if I can delete my account now…
Edit2: Couldn’t delete, so changed my name to initials. (tip: log out and back in to confirm the change).

Edit3: I recommend everyone do this to ensure their real name stops being crawled in association with their PP account email.

I did a check like that before too with my first name + surname and then with my surname.

My surname is a common one in the muslim world so nothing gets related to me. With my complete name, I was finding it a bit disturbing that my every likes and talk in public groups in facebook was being available on google. So I just changed my real name to a pseudo name on facebook. Problem solved.

I stopped buying from IOS after its security blunder. I will stop buying from SF Sales now as well.

Leaving the customer list visible like that is a massive snafu. SMH.

Its an Admin page of some kind. Sadly changing your details doesnt seem to work, not immediately at least. I tried it a couple of hours ago, cleared my cache, still comes up with my original reg name. Might work eventually though so its still worth trying it.

Lucky for me, I never use my full name anyway.

I'm thinking the admin forgot to tell Google not to cache the page, so Google has cached a page meant to be accessible only by admin rights.

Its accessible directly from solarforceflashlight-sales.com. Its not just a google cache copy.

Seems to be fixed.
~ edit ~
(link deleted) Might still be vulnerable.

Still coming up on Google though

Its going to come up on google until they crawl solarforceflashlight-sales.com again.

Free DIY website design?

http://www.webs.com/

They have about 564*15 = 8460 buyers :slight_smile:

Don't spread the word...let them solve this asap before more people can "use" this..

Please dont post on other forums yet.

I hate to make accounts with these stupid vendors .I just pay with paypal and avoid their silly promotions ,points etc . the fact they ask for your phone number is just retarded .i've never given the correct number yet ... Welcome to the internet .

Wrong.

I found myself on their list, and without being logged in in any way, I am able to see the name, email, physical address, phone number, and full purchase history of every user on the list. It looks like I can also edit their accounts, though I didn’t try to save any changes. It seems that other admin functions are available too, simply by following the link from google.

For that matter, it seems I have access to edit their product listings, authorized dealer lists, … Hey, looks like someone else has already edited that; they added an entry which is an all-caps profane insult.

Hmm. Looking around further, it seems others have probably noticed too. Check out their news page:

I think it’s safe to say it’s totally broken and they need to fix it ASAP.

Edit: When I checked the news page again, the article asking their admin to fix the admin access was gone. Looks like someone there is probably working on it.

Guess it’s good I couldn’t buy direct from them, ended up buying from their Ebay store.

Message from SolarForce. It would appear that my name no longer comes up.

Dear friend,

Thanks for your email and nice to have a chance to serve you

Deeply apologize for any inconvenience caused and we have already fixed
the problem immediately.

Thanks for notifying us about the problem of able to search your email
and name in google search

WE have immediately contact the server Admin for the bug discover, and
they have immediately fix it just now, you can check the link is not
able to access now

After fixing the bug, you will not able to click the link and access
the admin page

I show my deeply apologize there.

Furthermore, we have also email google to let them delete the search, I
think they get back to us and action upon once they get our mail

WE do the best for all of you and sorry for any inconvenience caused.

Have a nice day and thanks for notifying us once you discover the bug,
thank you from my bottom of my heart

Regards

Jo

Got the same message from them. Emailed them telling them to fix it and it looks like they did. Asking Google to fix/update the search was an extra step.

Someone made a mistake, and they quickly resolved it when informed. Good for them.
Will this stop me from shopping there? No, if they have something I want I’ll still get it.
It will make me reconsider putting my full name on any of these online sellers. Even considering revising all of my online accounts, but not sure I need to go that far yet.

Like you said, they acknowledged the mistake and quickly fixed it. I haven’t bought anything there for a while, but I don’t see why I shouldn’t continue to do so. Their prices and customer service is pretty good.

As for my online information, I guess that is the price we all pay when we do shop online. We hope that these online stores have it in our best interest to make sure our information does not go to those who are not meant to get access to it. It just happens to be, things like this just happens.

Same email here too.

Its always wise if you ask me. Even with CC companies and PayPal there is limited security so a website is bound to have less than ideal security. Any step you can take to minimise risk makes it harder. They dont need your full name anyway, Mr Whatever your last name is should be ample.

I will buy from them again, probably not too long from now, but it was pretty sloppy if you ask me. Especially when you consider the extra access Toykeeper and Helios managed without trying too hard, and without malicious intent.