The website leaks some information in the console about you

Hey there. I just wanted to flag that the website, particularly the "My account" section is leaking informations in the browser console. I'm a software developer and I often open the dev console to see what's going on in the background. I was shocked to see that some JSON data is printed right into the console. This includes your postal code, your userID your accountId and more.

Although it seems to be somewhat encrypted, I don't think this is a good idea to print user details that way in the browser console. A serious company wouldn't do that... This is pure amateurism from a software developer perspective.

Answers

  • E S.
    E S. Posts: 325
    I'm freaking out people could find my postal code. I don't know what to do.
  • Whizz
    Whizz Posts: 13,448
    Hello Eric,
    Don't worry, we're not leaking any of your information.
    Have a nice day.
  • Allison W.
    Allison W. Posts: 1,270
    Thank you for bringing this to our attention. I'm now more concerned that fizz doesn't consider this information leaking to be an issue worth looking into.
  • I was looking at the console this morning to see if it was fixed and guess what. It is not fixed and there's even more! They now output all your billing cycle in the console. Although there's no information that can really be used to compromise your data, I think some developers at Fizz/Videotron need to get their sh** together and be more professional to not leave what seems to be debug informations on the production application.. You know, Angular (which is the framework used to build the my account portal) allows you to do that pretty easily...
  • Thanh S.
    Thanh S. Posts: 360
    Oh. Please close this.
This discussion has been closed.