Dangerous Glitch

[HowRevelationary]

Hello ShopLC community! In January 2018 I was using the ShopLC App on the RA when I realized my bids were showing up under someone else’s name. When I clicked on user profile, I saw account info that was not mine! Panicked, I quickly logged that user out. Going back on the app, I realized that I was on yet another user’s account. I logged them off as well, thinking that no one else would be able to access their account (inadvertently) if they were logged off. Then when I finally found my own account, I noticed bids showing up in my bid history that were NOT made by me. I figured IT must know something was going on and was working on it. From then on I made sure I logged off my account every time I was done using the app. It was a little cumbersome, but better safe than sorry, right? Then I started using the website from my smartphone. It was set up much the same as the app, and the “your personal favorites” function seemed to work better. Fast forward to CM craziness, and this dangerous glitch reared its ugly head again (for another user). Kudos to her for having the presence of mind to take screenshots of the account info (not hers) she inadvertently had access to, and forwarding the information to CS (who hopefully sent it to IT dept). Thank goodness for proactive people like her! My question to this community is this: I know this can happen on the app, but has anyone noticed this dangerous glitch occurring while using just the website? Thanks to you all for reading, and Happy Holidays!!

[Catticus]

@HowRevelationary

YES!!!!!!

This has happened to me while using the website!

I logged in with my email and my password and found myself in another member's account. I could see this member's full name, address, and their different CC info, though only the last four numbers showed, of course.

I took screenshots and sent them to CS. It scared me to death!

What's to stop a person this happens to from placing an order and having it shipped to a friend's address? The friend could deny that they received anything and the person who placed the order could deny having placed it!

I've read about people finding themselves in another person's account TOO MANY TIMES NOW!

IT IS TIME FOR SHOP LC TO "GET WITH IT", LIKE OTHER ONLINE STORES DID SINCE THE FLINTSTONES' BEGAN SHOPPING ONLINE, AND FIX THIS!

When this happened to me, it was almost TWO YEARS AGO!

Yet IT IS STILL HAPPENING!?!?!?!

SLC, PLEASE FIX THIS "TOP OF THE LIST OF IMPORTANT THINGS TO DO" NOW!!!!!

And please use PASSWORDS, as well. NOT NUMBERS!

THIS IS EXTREMELY UPSETTING!

And if you think members are dissatisfied with the MANY changes lately, you don't KNOW what dissatisfaction is!

THIS ALONE WILL STOP PEOPLE FROM EVER SHOPPING AT SLC!

If this continues, members will not only REFUSE to shop here, but they'll spread the word FAST that members' account information is available to others and...

THAT IT IS NOT SAFE TO SHOP HERE!

You've had YEARS to fix this!

I have NEVER had this happen in all my YEARS of online shopping ANYWHERE EXCEPT HERE.

I have read on "Consumer Reports" types of online websites about this happening to others here years ago, and to some, recently.

And I've read about it happening to members on this forum RECENTLY.

Now, here I am...hearing about it AGAIN!

WHYYYYYYYYYYY?!?!?!?!

THIS IS YOUR NUMBER ONE PRIORITY RIGHT NOW!

It's NUMBER ONE on your DO IT NOW LIST!

It takes precedence over EVERYTHING!

Over Smackdowns, Percentages Off, Sales, Codes, Doorbusters, Host(s) airtime, Shungite, Diopside, and Tanzanite!

THIS ISSUE IS SHOP LC'S NUMBER ONE PRIORITY!

I apologize if I sound upset,
BUT I AM UPSET!

[Blossom]

It's never happened to me on website, but this is an outrage! As Catticus said, SLC this should be your #1 priority! Secure your site...like YESTERDAY!

[RS]

It does need to be fixed, and NOW!

Not only dangerous for the shoppers but any breach and SLC can and most likely will be held accountable. Perhaps a Class Action. It happened with those other companies who had breaches. Those companies continued to ignore the issue. The consumers sued and they won.

[Ginger]

I’ve had it happen to me on the website and app and I could see everything from those accounts! I was shocked and panicked. I took screenshots and called customer service and he asked for the person’s name that I was seeing and I told him and he advised me to just log out. The 2nd time I wasn’t even asked for the account information, nothing except she didn’t understand why I was seeing it. I was told to change the pin, uninstall and reinstall the app and my account would come up correctly. I was floored that more action wasn’t taken to secure the website, if I was seeing others information-then I wonder who all was seeing my information. I haven’t had this happen at any other online retailers except ShopLC and when it’s not secure at all. I too would prefer a password instead of numbers. You sell the RFID protection products on your website to prevent identity theft, how about doing something to your website to prevent this also ShopLC??

[LisaC2019]

This sounds like a potential data breach has occurred Shop LC is attempting to cover up just like other retailers have in the past. I don't use the app or any other method to order except the website and now I am reading that customers are able to see other customers information. Even if the customers entire credit card numbers were not exposed their personal information has been and this was/is still a data breach.

I would just report the information to an outside agency and then maybe the complaint will be taken more seriously. Why wait until someone's personal information, financial data, or entire account is breached to fix the "KNOWN" problems. I would also keep the customer in the loop to the changes...perhaps that is a reason why you now require passwords versus pins but from reading these posts that was a start but is not enough. Between the shipping glitches and stuck invoices Shop LC you have a REAL problem that needs to be addressed. So instead of continuing your efforts to improve and further clutter the website try focusing and fixing the internal problems first.

[Moderator_Connor]

Good Afternoon, Everyone!

I am so very sorry to hear that you all have experienced or witnessed this critical error! It would certainly be a breach of our user's security and privacy to leave such an error unchecked. The information here, as well as the previous information already submitted to us, has been given to our IT and Web Tech teams to investigate the root cause of the error so that we can get this resolved as soon as possible.

[Auntie]

Good Afternoon, Everyone!

I am so very sorry to hear that you all have experienced or witnessed this critical error! It would certainly be a breach of our user's security and privacy to leave such an error unchecked. The information here, as well as the previous information already submitted to us, has been given to our IT and Web Tech teams to investigate the root cause of they error so that we can get this resolved as soon as possible.

Connor, why don’t you print off all of the messages, and take it to your LEGAL DEPARTMENT and ask for a review and an answer within 20 days! I believe we have the right to know! To heck with sending it to the tech IT department obviously they haven’t given at the top priority, maybe the legal department can give them a little Push in the right direction like FIX IT NOW !

[RS]

Good Afternoon, Everyone!

I am so very sorry to hear that you all have experienced or witnessed this critical error! It would certainly be a breach of our user's security and privacy to leave such an error unchecked. The information here, as well as the previous information already submitted to us, has been given to our IT and Web Tech teams to investigate the root cause of they error so that we can get this resolved as soon as possible.

Connor, why don’t you print off all of the messages, and take it to your LEGAL DEPARTMENT and ask for a review and an answer within 20 days! I believe we have the right to know! To heck with sending it to the tech IT department obviously they haven’t given at the top priority, maybe the legal department can give them a little Push in the right direction like FIX IT NOW !

Legal department?

Would that be the Law Office of Dewey, Cheatem and Howe?

[Blossom]

Good Afternoon, Everyone!

I am so very sorry to hear that you all have experienced or witnessed this critical error! It would certainly be a breach of our user's security and privacy to leave such an error unchecked. The information here, as well as the previous information already submitted to us, has been given to our IT and Web Tech teams to investigate the root cause of they error so that we can get this resolved as soon as possible.

Connor, why don’t you print off all of the messages, and take it to your LEGAL DEPARTMENT and ask for a review and an answer within 20 days! I believe we have the right to know! To heck with sending it to the tech IT department obviously they haven’t given at the top priority, maybe the legal department can give them a little Push in the right direction like FIX IT NOW !

Legal department?

Would that be the Law Office of Dewey, Cheatem and Howe?

Well that took me a few seconds to get but when I did..