I logged in to Cleverbuy to review the terms of some vouchers I bought. I clicked My Account and got the following screens:
The thing is, I am not Anthea Gabriel. I don't know who she is, nor was I trying to hack her account. But there I was, looking at her full name, order list, address, email, and phone number. I could use her info for mischief. I could also change her address and password if I wanted to. Hello identity theft!
I quickly reported the bug to Cleverbuy's Facebook page. In fairness to Cleverbuy, they promptly replied and promised to fix the error.
I just hope they really do fix this security bug because it's a serious error. If a legitimate client can access another client's account without even intending to or trying, then how much easier would it be for a malicious hacker?
Update: If you got here because you're concerned about Cleverbuy being a scam, head to my more recent Cleverbuy post. That's where I post updates I get about this issue.