All a user needed to do was open Gumtree’s website and press the F12 key in the Chrome or Firefox browser to view users’ personal data.
Gumtree, a UK-based classifieds site and used-goods marketplace, exposed the home addresses of its users in the source code of its web pages. Gumtree is among the top 30 sites in Britain, and millions of new users visit the site every month.
This indicates the leak could have impacted a significant number of advertisers on the website. Reportedly, the data of around 1.7 million monthly sellers could have been exposed in the leak.
What is the Issue?
British firm Pen Test Partners discovered the data leak. The issue was that anyone could have accessed the PII (personally identifiable information) of Gumtree users and sellers just by pressing F12 on the keyboard while using the Google Chrome or Firefox browser.
Normally, pressing F12 in either of these browsers opens the developer tools console, which lets the user view the website’s source code, examine network requests, and monitor the website’s error messages.
However, in Gumtree’s case, anyone could have viewed