Redfin Exposes Users' Personal Info on Listing Contact Forms, Raises Concerns Over Data Security.
A recent security snafu at the online real estate platform Redfin made users' names, email addresses, and phone numbers publicly accessible to other users browsing listings. The vulnerability lasted for less than a week before being remediated by the company.
The issue arose when users who had previously submitted contact information on listing pages would see their details pre-filled in the form when another user visited the same page without disabling JavaScript. However, if a user disabled JavaScript while viewing the listing, past user contact information remained visible but only to that individual user.
This raised concerns over data security and transparency at Redfin, which boasts 50 million monthly users through its parent company Rocket. The company's privacy policy states it may share private information with disclosures, but there was no explicit warning provided when filling out the contact form.
Redfin spokesperson Alina Ptaszynski acknowledged the technical error and said it was swiftly fixed after the issue was discovered. However, an investigation by The Intercept revealed that a significant vulnerability persisted on mobile listings for several days before being resolved.
The incident highlights the ongoing struggle of web services to protect users' personal information and underscores the need for greater transparency in data handling practices.
A recent security snafu at the online real estate platform Redfin made users' names, email addresses, and phone numbers publicly accessible to other users browsing listings. The vulnerability lasted for less than a week before being remediated by the company.
The issue arose when users who had previously submitted contact information on listing pages would see their details pre-filled in the form when another user visited the same page without disabling JavaScript. However, if a user disabled JavaScript while viewing the listing, past user contact information remained visible but only to that individual user.
This raised concerns over data security and transparency at Redfin, which boasts 50 million monthly users through its parent company Rocket. The company's privacy policy states it may share private information with disclosures, but there was no explicit warning provided when filling out the contact form.
Redfin spokesperson Alina Ptaszynski acknowledged the technical error and said it was swiftly fixed after the issue was discovered. However, an investigation by The Intercept revealed that a significant vulnerability persisted on mobile listings for several days before being resolved.
The incident highlights the ongoing struggle of web services to protect users' personal information and underscores the need for greater transparency in data handling practices.
. Redfin's got a huge user base, 50 million+ monthly users, that's a lot of personal info to keep safe 
. And yeah the fact that it was fixed so quickly is good, but I'm still not comfortable with how transparent they were about the issue... or lack thereof 
. I mean what's with no explicit warning when you're filling out that contact form? That just seems like a big oversight to me 
. We need more accountability from these companies when it comes to data security, and more clarity for users on what's at stake 
.
, can't believe they didn't have better security in place... like what if hackers found out how to use this? 
redfin cant even get their own security right how much do you wanna bet they're still not sure what happened or just dont care lol they get 50 million users and still manage to expose peoples info on the internet like a sieve its so gross and i'm lowkey glad it was fixed but what a waste of time and money for everyone who got affected 
redfin's parent company rocket has 50 million monthly users that's like a small country 
what if hackers started exploiting these kinda vulnerabilities to get sensitive info? i know they said the issue was fixed quickly, but can we trust them to keep our data safe after this? 
and why wasn't there an explicit warning when filling out contact forms? that just feels like negligence 
can't believe they didn't warn users about sharing their info 
also shouldn't there be like an option to turn off the pre-filled thingy or something? it's not that hard to add a checkbox or something, redfin should really prioritize user security over convenience 
50 million users?! that's insane! i mean, i know we're all guilty of hitting 'remember me' on those login forms, but come on 
like, how can you not want to hit 'display more info' or something? anyway, glad they fixed it ASAP 
but seriously, we need more transparency from these companies on data handling practices 
, it's not like they're trying to be malicious or anything, but still... 50 million users shouldn't have to worry about their info being exposed like that. and yeah, transparency is key here, they gotta make sure users know what's going on with their data 
. i mean, i get it, mistakes happen, but this was a big one 
. i mean what's next? sharing ur passwords with grandma 
. it's like they say "all good things must come to an end"... but seriously, shouldn't companies have better security measures in place by now? 50 million users?! that's a lot of people's info out there... gotta stay vigilant 
, can you believe people's info was just sitting there waiting to be shared online? Like what if hackers got their hands on it? This is a major red flag for Redfin's data security, 50 million users deserve better 
. I'm glad they fixed the issue, but it's still a huge bummer for all the users who got affected.
.
but at least they acknowledged it and fixed it pretty quickly. still though, shouldn't they've been more careful with the form's design? it's not that hard to add some extra protection. i'm just glad my personal info wasn't exposed lol 
.
.
.