eSun Makes Security Error, Resets Customer Passwords to Email Addresses

By on October 15th, 2024 in Corporate, news

Tags: , , ,

It appears that has made a significant security mistake on their online 3D print materials store.

The web store, like most, offers the ability to store your id for future use. This is useful for saving payment methods, shipping addresses, etc. Many customers would undoubtedly have used this feature.

However, according to a Reddit post by user ariehh, the company issued a notice to users with a shocking twist. The notice read:

ā€IMPORTANT NOTICE:
Dear Customer,

Due to the website system upgrade, we have migrated your account information to the new system! In order to ensure the security of your account, we have reset all the login passwords, and the default password after reset is same as your email account. Please change the default password in time after logging in to prevent data loss. We apologize for the inconvenience caused! We hope you enjoy our new website experience, we would be grateful if you could send any feedback to [email protected].ā€

Hold on, letā€™s read that again:

ā€œWe have reset all the login passwords, and the default password after reset is same as your email account.ā€

In other words, ANYONE with someoneā€™s email address can login to their account, as long as they login before the actual owner does. This is a significant breach of privacy, as it potentially exposes physical addresses and other personal information.

Itā€™s possible that the password will have to be reset after logging in the first time. This means that any eSun customer finding their account DOES NOT have their email address as the password may have been compromised in this way.

This is an extraordinary error by eSun, and one that could have been easily avoided. Normally security would simply reset all the passwords and require the user to specify a new password. I have no idea why eSunā€™s programmers would have taken this risky approach, as it seems to be a basic security situation.

Reddit commenter summed it up like this:

ā€œThat is off the charts a bad security blunder.ā€

Iā€™m hoping that eSun will rectify the situation, although itā€™s likely too late for some.

In the meantime, if you happen to have an account on eSunā€™s store, youā€™d best get over there and reset your password ASAP.

Via Reddit

By Kerry Stevenson

Kerry Stevenson, aka "General Fabb" has written over 8,000 stories on 3D printing at Fabbaloo since he launched the venture in 2007, with an intention to promote and grow the incredible technology of 3D printing across the world. So far, it seems to be working!