Expert Commentary: Short-Seller Says Lemonade Website Bug Exposed Insurance Customers’ Account Data

By   ISBuzz Team
Writer , Information Security Buzz | May 14, 2021 03:03 am PST

An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ account data. Carson Block, the founder of investment research firm Muddy Waters Research, sent the letter to Lemonade co-founder and chief executive Daniel Schreiber on Thursday, describing the bug that allowed anyone to inadvertently access personally identifiable data from customers’ accounts as “unforgivably negligent.” Block’s letter said: “By clicking on search results from public search engines, we shockingly found ourselves logged in to and able to edit Lemonade customers’ accounts without having to provide any user credentials whatsoever.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Pravin Rasiah
Pravin Rasiah , VP of Product
May 14, 2021 11:06 am

<p>Without holistic awareness within your IT infrastructure, a security flaw such as this one can exist for an indeterminate amount of time before the issue is flagged. In this case, security researchers were the ones to discover Lemonade’s bug, but many businesses may not be so fortunate. In order to ensure that all gaps in security are addressed and fixed in a timely manner, a cloud governance platform providing comprehensive, real-time observability into the IT infrastructure is essential. With guardrails in place, security teams can stay apprised of abnormalities and ensure data remains secure before bad actors can infiltrate or sensitive information is exposed.</p>

Last edited 2 years ago by Pravin Rasiah

Recent Posts

Would love your thoughts, please comment.x