The Bpost website has had a major privacy and security problem for a while. VRT NWS made that out. You could not only follow the details of your own parcel on its way, but also those of some others. The problem would have been solved in the meantime.
–
The Bpost website has had a major privacy and security problem for a while. VRT NWS reports this. According to the public broadcaster, it was possible for a long time to see the recipient, the product and the code of a parcel that was intended for someone else, and to pick it up at a post point or from a parcel locker. In the meantime, the problem would be solved.
A journalist from the VRT did the test himself. Then it turned out that via a search it was possible to track not only your own packages, but also those of some others. You could not only see the recipient of the product, but also the place where it would be delivered and the unique numerical code. This was a limited list of parcels, mainly from private individuals.
It also ensured that it was possible to collect a parcel that was intended for someone else using this specific numerical code. At a postal point you are sometimes still asked for an identity card – often not even in these busy times – but at an unmanned parcel locker you only have to enter the reference code, it sounds.
The VRT journalist was able to collect a parcel with the permission of the rightful owner – purely with the information on the website.
Bpost is now aware of the problem and has solved it, the company reports to the VRT. ‘We have immediately discontinued the way of looking up parcels via that generic reference, so that people can only search for their parcel via the unique code. Of course all parcels will be delivered. ‘
– .
