sb-nz logo
Story image

Online retailer Mighty Ape fixes wishlist privacy flaw

07 Feb 2019

New Zealand online retailer Mighty Ape has been quick to 'fix' issues that publicly shared some customers’ birthdates and product wishlists.

Mighty Ape has more than 250,000 customers and sells a range of technology, clothing, games, books and puzzles, music and other items.

One of its account settings allows customers to add products to their ‘wishlists’ for future review or purchase. Users can choose to keep these wishlists private or public – although it seems many were unaware those options existed.

Last week users on various forums including Reddit and GamePlanet alerted others to the fact that Mighty Ape wishlist privacy settings were, in some cases, public and available for anyone to see.

Public information included names, emails, birthdates and all products available on a user’s wishlist. 

While the issue only affected those whose wishlists were public (either by choice or by default), Mighty Ape quickly moved to rectify the issue.

Yesterday (February 6), Mighty Ape sent an email titled We're improving our Wish List privacy settings to users stating that the company had fixed the issue. The email says:

“Protecting the interests of our customers is extremely important to us. From today onwards, all new Wish Lists will be created as private by default. Customers will still be free to share links to their Wish List with loved ones, but their list will not show up in our 'Find a Friend's Wish List' search.

“We have also removed the year from the birth date field in our search results. Additionally, you must now opt-in to showing your birth date from the 'Edit List' menu on each of your Wish Lists. The purpose of the birth date is to make it easier for people to identify a Wish List as yours, but we understand this information can be sensitive.

“To give everyone the opportunity to decide if they would like their Wish List to be searchable; all existing Wish Lists have been set to private.

“If you would like your Wish List to remain private, you don't need to do a thing. If you would like your friends and family to be able to search for your Wish List, you will need to navigate to your Wish List, scroll to the bottom of the page and click 'Make my Wish List public'. Your Wish List will then be viewable from the 'Find a Friend's Wish List' page if someone searches for your full name or your email address. Each Wish List has its own independent privacy settings so you will need to update each list individually.”

Story image
WatchGuard names new regional director for A/NZ
Anthony Daniel says, "I look forward to continuing to drive our business strategy, grow our channel and to supporting business growth Australia and New Zealand and the Pacific islands."More
Story image
Enterprises underutilising security tools, causing teams to burn out
The report unveiled a lack of meaningful ROI metrics when reporting on security progress, as well as disparate opinions on objectives, tool effectiveness and security awareness amongst the organisation between executives and operations on security teams.More
Story image
WatchGuard uncovers top cyber threat trends of Q4 2020
“The rise in sophisticated, evasive threat tactics last quarter and throughout 2020 showcases how vital it is to implement layered, end-to-end security protections."More
Story image
Infrastructure-as-code, and how it can secure the cloud
Bridgecrew recognised IaC early on as one of the best ways for modern teams to delegate security ownership to individual contributors while distributing it across existing frameworks within CI/CD pipelines. This attribute meant that IaC was invaluable in securing cloud-native environments.More
Story image
Addressing the challenges of least privilege access
Enforcing the right privilege policies across the environment with the right visibility and observability will ensure that the policy mandates hold tight against any behaviour changes.More
Story image
ThreatQuotient hits $22.5m in new financing, continues growth streak
“Since we first invested in ThreatQuotient in 2017, their team has continued to prove to the market that there is a critical need for cybersecurity solutions aimed at security operations."More