Chief Wiggum
Member
- Joined: Sep 16, 2013
- Posts: 190
- Qantas: Platinum
- Virgin: Gold
Just now while logged into my QFF Account on the website, I accidentally clicked this hyperlinked blue bar at the top of page. (pic)
Which goes to this link https://www.qantas.com/hotels/campaigns/more-in-every-point
It opened up a new browser tab and I was surprised to see for about 3-4 seconds... the NAME & POINTS balance of another QFF member.
Then the tab updated to my details, replacing the other user's with mine.
I repeated the actions (clicking on the blue-bar) and it did the same things... this time with a different QFF NAME & POINTS.
Done it a few times now and each time the same result... a different person's details for 3-4 seconds before mine are updated.
If I'm quick enough I can even click the other person's name and see more information in the drop-down - before it converts over to my details.
Has anyone seen or experienced this before?
Seems like a serious security glitch to me - at the very least giving away private information.
At worst - depending on what ELSE is happening in the background here to cause this - could allow someone far more computer knowledgeable and skilled than myself to possibly directly access the logged-in QFF account of another user... seemingly bypassing login & 2FA security measures?
Apologies if I'm being overly dramatic and if this is somehow a "known thing". Thought it was worth mentioning.