←back to thread

Klarna users are being signed in to random accounts

(twitter.com)
475 points danielstocks | 2 comments | 27 May 21 10:28 UTC | HN request time: 0.458s | source
Show context
K0nserv ◴[27 May 21 11:01 UTC] No.27301456[source]
I suspect this might be request threading/confusion[0] issue similar to the one GitHub experienced a while back. This would explain why seemingly random user data is being returned.

0: https://github.blog/2021-03-18-how-we-found-and-fixed-a-rare...

replies(2): >>27301479 #>>27301557 #
1. toxik ◴[27 May 21 11:04 UTC] No.27301479[source]
We can only speculate, but what baffles me is that it happens for something so private, and for a company that is so rich. Do they not audit their code? Do they not risk assess these things? "Ah, storing user credentials in thread local storage, that sounds sane and bug-proof" said no auditor, ever.
replies(1): >>27301671 #
2. ◴[27 May 21 11:25 UTC] No.27301671[source]