Expert Commentary: Short-Seller Says Lemonade Website Bug Exposed Insurance Customers’ Account Data

An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ account data. Carson Block, the founder of investment research firm Muddy Waters Research, sent the letter to Lemonade co-founder and chief executive Daniel Schreiber on Thursday, describing the bug that allowed anyone to inadvertently access personally identifiable data from customers’ accounts as “unforgivably negligent.” Block’s letter said: “By clicking on search results from public search engines, we shockingly found ourselves logged in to and able to edit Lemonade customers’ accounts without having to provide any user credentials whatsoever.

Experts Comments

May 14, 2021
Pravin Rasiah
VP of Product
CloudSphere

Without holistic awareness within your IT infrastructure, a security flaw such as this one can exist for an indeterminate amount of time before the issue is flagged. In this case, security researchers were the ones to discover Lemonade’s bug, but many businesses may not be so fortunate. In order to ensure that all gaps in security are addressed and fixed in a timely manner, a cloud governance platform providing comprehensive, real-time observability into the IT infrastructure is essential.

.....Read More

Without holistic awareness within your IT infrastructure, a security flaw such as this one can exist for an indeterminate amount of time before the issue is flagged. In this case, security researchers were the ones to discover Lemonade’s bug, but many businesses may not be so fortunate. In order to ensure that all gaps in security are addressed and fixed in a timely manner, a cloud governance platform providing comprehensive, real-time observability into the IT infrastructure is essential. With guardrails in place, security teams can stay apprised of abnormalities and ensure data remains secure before bad actors can infiltrate or sensitive information is exposed.

  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.