London Classified Ads Site Gumtree Experiences Data Breach Due to F12 Key

Gumtree.com, also known as Gumtree, is a classified ad and community website based in the UK. Starting November 2010, it was the UK’s largest website for local community classifieds and one of the top 30 websites in the UK, with 14.8 million monthly unique visitors, according to a traffic audit in 2010.

What Happened?

The site for free classifieds ads Gumtree.com experienced a data leak after a security expert disclosed that by just pressing F12 on the keyboard, he was able to access confidential personally identifiable information (PII) of advertisers.

When the F12 key is pressed in a web browser, the developer tools console opens, allowing you to view a website’s source code, track network requests, and view error messages generated by the website.

Making critical data inaccessible to the public when accessing a website, even if the source code can be seen, is considered the most important security measure.

Nevertheless, security analyst Alan Monie from Pen Test Partners noticed that by reading the HTML source code of the ads displayed on Gumtree’s website, he could see the PII of advertisers.

The site was super leaky. Every advert on the site included the seller’s postcode or GPS coordinates – even

Read More: https://heimdalsecurity.com/blog/london-classified-ads-site-gumtree-experiences-data-breach-due-to-f12-key/