475 points danielstocks | 1 comments
dustinmoris ◴[] No.27301350[source]
I find the default Twitter response by the Klarna social media account really annoying. The issue is not a system disturbance. The issue is clearly in the whole implementation of the system itself, code which was written by developers and where something really stupid has been implemented and where security was not taken into account at all because an issue like this could have been prevented at so many layers and yet it happened.
rrrhys ◴[] No.27301593[source]
Whole implementation? It's probably the edge cache catching a cookie on the way out, a toggle box somewhere.
1. johbjo ◴[] No.27301854[source]
Yes?

The session layer should confirm and only accept that the other SSL-endpoint is an authenticated app. The app should do this as well.

If a toggle box exists that can cause this, I'd wonder how much else of the implementation is worth saving.