Updates about my life and what I learn about creating software

Michael Lynch, also known as Mtlynch, is a software engineer, blogger, and open-source contributor known for his insights into technology, privacy, and personal productivity. Readers can learn about software development, privacy tools, and strategies for managing information overload. With thoughtful essays, tutorials, and productivity tips, Mtlynch offers  perspectives and strategies for navigating the complexities of modern life and technology.

Michael Lynch

A security researcher discovered that goHardDrive, a used hard drive retailer, was exposing thousands of customer records through an insecure RMA status check system. The vulnerability allowed anyone to access customer names, addresses, emails, and order details by simply guessing sequential RMA numbers. Despite initial attempts to fix the issue by adding ZIP code and house number verification, the researcher demonstrated this was still easily exploitable. goHardDrive ultimately removed the RMA status page entirely and now handles status updates via email only.

goHardDrive Leaked Personal Data for Thousands of Customers

goHardDrive removes RMA status checks entirely 🔗︎

Sidenote: Leaks aside, this is a terrible return process 🔗︎