Expert Commentary: Short-Seller Says Lemonade Website Bug Exposed Insurance Customers’ Account Data

An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ account data. Carson Block, the founder of investment research firm Muddy Waters Research, sent the letter to Lemonade co-founder and chief executive Daniel Schreiber on Thursday, describing the bug that allowed anyone to inadvertently access personally identifiable data from customers’ accounts as “unforgivably negligent.” Block’s letter said: “By clicking on search results from public search engines, we shockingly found ourselves logged in to and able to edit Lemonade customers’ accounts without having to provide any user credentials whatsoever.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Pravin Rasiah
Pravin Rasiah , VP of Product
InfoSec Expert
May 14, 2021 11:06 am

<p>Without holistic awareness within your IT infrastructure, a security flaw such as this one can exist for an indeterminate amount of time before the issue is flagged. In this case, security researchers were the ones to discover Lemonade’s bug, but many businesses may not be so fortunate. In order to ensure that all gaps in security are addressed and fixed in a timely manner, a cloud governance platform providing comprehensive, real-time observability into the IT infrastructure is essential. With guardrails in place, security teams can stay apprised of abnormalities and ensure data remains secure before bad actors can infiltrate or sensitive information is exposed.</p>

Last edited 1 year ago by Pravin Rasiah
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x