Brewer’s Token Gaffe Causes Massive PII Breach
The mistake allowed any user to access the personally identifiable information (PII) belonging to another user. Other information exposed in the incident included users' shareholding details and bar discount.
Researchers said that the details of over 200,000 shareholders "plus many more customers" were exposed "for over 18 months."
The token error left BrewDog vulnerable to theft, according to researchers, who noted that shareholders can claim a free beer in the three days before or after their birthday under the terms of the Equity for Punks scheme.
"One would simply access an account with the required date of birth, generate the QR code and the beers are on BrewDog!" wrote the researchers.
Pen Test Partners has criticized BrewDog's handling of the cybersecurity