It has been revealed that customer personal information was left exposed at the prominent sandwich franchise brand 'Subway.'
According to Chairperson Choi Min-hee of the Science, ICT, Broadcasting, and Communications Committee of the Democratic Party of Korea on the 30th, a security vulnerability was found in the online ordering system through Subway's website and mobile application (app) that allows easy access to other customers' personal information. Anyone can access the order page without logging in, and simply changing the numbers at the end of the web address (URL) displays the contact information and order details of other customers on the screen.
In response, Chairperson Choi noted, "As a result of verifying the case, it appears that personal information has been left exposed in the same manner for at least five months."
However, it has not been determined whether customer information was actually leaked. Subway has reportedly taken action on the matter and, as a precaution against any unforeseen situations, has notified the Korea Internet & Security Agency (KISA).
Previously, there was a case at the pizza franchise Papa John's where altering the last numbers of the URL exposed customer names, contact information, credit card numbers, and even shared entrance passwords. The luxury online platform Must It also faced controversy when a vulnerability was discovered that allowed member personal information to be accessed without authentication.
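The flaw reported in these cases is an order page that trusts the number in the URL without checking who is asking. The sketch below is an added example, not code from Subway or any company named in the article: it sets that pattern beside a lookup that enforces ownership. The order store, field names, function names and sample records are all hypothetical and constructed.

```python
import hmac
import secrets

# Constructed sample data: sequential order numbers, as in the reported URLs.
ORDERS = {
    1001: {"owner": "alice", "phone": "010-0000-0001", "items": ["sandwich A"]},
    1002: {"owner": "bob", "phone": "010-0000-0002", "items": ["sandwich B"]},
    1003: {"owner": None, "phone": "010-0000-0003", "items": ["salad"]},  # guest order
}
# Assumption: guest orders receive a random, unguessable token at checkout.
GUEST_TOKENS = {1003: secrets.token_urlsafe(32)}

def mask_phone(phone):
    """Show only the first and last groups of a hyphenated phone number."""
    parts = phone.split("-")
    return f"{parts[0]}-****-{parts[2]}" if len(parts) == 3 else "****"

def view_order_vulnerable(order_id):
    """Reported pattern: the number in the URL is the only thing checked."""
    order = ORDERS.get(order_id)
    return (200, order) if order else (404, None)

def view_order_hardened(order_id, session_user=None, guest_token=None):
    """Return an order only to its owner or to the holder of its guest token."""
    order = ORDERS.get(order_id)
    if order is None:
        return 404, None
    if order["owner"] is not None:
        allowed = session_user is not None and session_user == order["owner"]
    else:
        expected = GUEST_TOKENS.get(order_id, "")
        allowed = bool(guest_token) and bool(expected) and hmac.compare_digest(
            guest_token.encode(), expected.encode())
    if not allowed:
        # Same answer as "no such order", so replies do not confirm valid numbers.
        return 404, None
    # Return only what the order page needs, with the contact number masked.
    return 200, {"items": order["items"], "phone": mask_phone(order["phone"])}

def records_visible_anonymously(view, order_ids):
    """Regression check: count orders a caller with no credentials can read."""
    return sum(1 for oid in order_ids if view(oid)[0] == 200)

if __name__ == "__main__":
    ids = range(1000, 1005)
    print("vulnerable:", records_visible_anonymously(view_order_vulnerable, ids))
    print("hardened:  ", records_visible_anonymously(view_order_hardened, ids))
```

Running `records_visible_anonymously` against every order endpoint in a test suite catches this class of regression before release.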