HowAboutWe fix this security flaw?

I posted a HowAboutWe profile after my foodie friend Lee retweeted something about “Eater Dating.” Of course I wanted to get in on Eater Dating; I like Eater -> Girls who like Eater share a similar interest -> How About We go have some Lobster Bisque? -> Yadda Yadda Yadda

A few days after I posted some profile pictures and my first date suggestion, I get a few messages from different friends of mine saying that I was featured in their “Recommended Dates” email over the weekend. One of my friends actually forwarded me the email I was in:
I responded this morning, and clicked my profile to go back to the site:

I look up at the top right corner and it seems like I am logged in as my friend. The visitors/inbox numbers seem about the same, and apparently I can ask “him” out. I click visitors out of curiosity:


It’s confirmed, I’m officially logged in as my friend. Can I do everything a user is allowed to right now? Let’s find out.

How about we… check out her inbox?


How about we… post a new date?


How about we… change her privacy settings?


I’m sure they’ll fix this soon, but in the meantime, how about we not forward anyone our How About We Email?
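One way a service could limit what a forwarded auto-login email exposes, as an added example that is not HowAboutWe's code: the emailed link carries a signed, expiring, single-use token, and the session it creates cannot perform the three actions tried above. All function names, the action names, the 15-minute lifetime and the colon-free user ids are assumptions made for the example.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed for the example)
TTL = 15 * 60                      # assumed link lifetime, in seconds
SENSITIVE = {"read_inbox", "post_date", "change_privacy"}  # the actions tried in the post
_used = set()                      # redeemed token ids; a real service would persist these

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_link_token(user_id, now=None):
    """Build the token embedded in an emailed link (user_id must not contain ':')."""
    now = time.time() if now is None else now
    payload = f"{user_id}:{secrets.token_urlsafe(16)}:{int(now) + TTL}"
    return f"{payload}:{_sign(payload)}"

def redeem(token, now=None):
    """Return a limited session, or None if the token is forged, expired or reused."""
    now = time.time() if now is None else now
    try:
        user_id, token_id, expires, sig = token.split(":")
        expires = int(expires)
    except ValueError:
        return None
    expected = _sign(f"{user_id}:{token_id}:{expires}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    if now > expires or token_id in _used:
        return None
    _used.add(token_id)            # a second click on the same link is rejected
    return {"user": user_id, "via": "email_link"}

def authorize(session, action):
    """Email-link sessions may browse; sensitive actions need a password login."""
    if session is None:
        return False
    if action in SENSITIVE and session.get("via") != "password":
        return False
    return True
```

Single use and expiry only narrow the window, since whoever clicks first still gets the limited session; the scope check in `authorize` is what keeps a forwarded link away from the inbox, new dates and privacy settings.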



3 Comments on “HowAboutWe fix this security flaw?”

  1. Stwo said at 11:33 am on January 24th, 2012:

    Good find, Hagan!

  2. Michelle said at 3:12 pm on January 24th, 2012:

    Hi Hagan — we’ve clarified how “Login Instantly” works here: http://www.howaboutwe.com/date-report/2387-howaboutwe-updates-login-instantly-button Please feel free to let me know (I just sent you an email) if you have further questions.
    -Michelle, editor at HowAboutWe

  3. admin said at 11:49 am on January 25th, 2012:

    To summarize that link, the default is to auto-login and there is no way to turn it off.

