Airbnb
Shudder, no thanks.
Airbnb says it has fixed a baffling bug in its website that briefly caused some of its users to be shown messages belonging to others when viewing their account inboxes. The rent-out-your-home app maker said the problem occurred on Thursday between 0930 and 1230 PT, and affected punters who were logged into its desktop or …
"We're on the phone with Airbnb who at first was just like, clear your cookies."
I guess first-line tech support are first-line for a reason... but the horror if this could have been caused simply by cookies....
The (or a, now) golden rule.... never trust the client.
Indeed. If I had heard that I would have replied that if my cookies allowed me to see other people's data, then the problem is a lot bigger than I would have thought.
"Hello, bank? I have access to your CEO's account."
"Clear your cookies and call back."
"Really? Well don't mind if I make a transfer first."
Ridiculous.
The thing is, for almost any website which has a significantly large and global number of users, the majority are NOT using the system at any point in time.
And so a problem which would affect ALL users will actually only be affecting a "small subset" - even if that happens to be 100% of all those actually using the system during the affected period!
The worrying thing about platforms is that no matter how good their techies, or their software, or their infrastructure, or their testing, or whatever else, all it takes is for one little thing to go wrong in an entire stack of interconnected software and hardware and suddenly there are issues. There is often no such thing as genuinely safe data (even when it is encrypted, as the platform still needs to be able to decrypt it).
How happy would the public be if they *really understood* that the difference between their information (with its myriads of public/private settings, two-factor, encryption, and so forth) and a breach could be nothing more than a single bit/byte flag somewhere being incorrectly set?
They naively imagine that private stuff is kept separate, as if the digital version of a vault is somehow similar to a physical one. Years of private social media use, porn habits, banking records, the whole lot is as fragile as one bad line of code or dodgy cache or misconfiguration slipping through the net.
Our future privacy is extremely fragile, even when entrusted to the best of the platforms (not specifically meaning Airbnb here).