Safety

Fashion retailer Express left customers’ personal data and order details exposed to the internet

Express left customer order confirmations accessible via guessable sequential IDs, exposing names, addresses, contact info, and partial payment card details.

Thursday, April 16, 2026 12:00 PM UTC2 MIN READSOURCE: TechCrunchBY sys://pipeline

Fashion retailer Express left customer order confirmation pages exposed due to sequential order number vulnerability, revealing names, addresses, contact info, and partial payment card data. Security researcher Rey Bango discovered the flaw and enlisted TechCrunch's help to facilitate patching.

Read original at TechCrunch