ZigZag retail shopping app leaks customer data

ZigZag, a retail shopping application under the umbrella of the South Korean conglomerate Kakao, fell victim to a security incident which resulted in the unintended disclosure of its users' confidential data. The event occurred on Monday, 6th of November, startling users who, upon trying to log in, were greeted with the private information of other individuals instead of their own. The fashion division of Kakao, Kakao Style, is currently evaluating the full scope of this data leak.

The sensitive data exposed includes user names, shipping addresses, past orders, and saved payment details, all of which were mistakenly made available in the app's "My Page" area. This security oversight was not promptly addressed, as the lapse continued from 2 p.m. until 11 p.m., with no interim security measures such as suspending logins implemented during this nine-hour window.

A customer expressed their concern on a digital forum, stating that they felt compelled to terminate their account after repeatedly finding themselves logged into other customers' accounts upon refreshing the page.

Kakao Style has acknowledged that the fault was due to "an infrastructure error related to the storage of login member information", They have committed to announcing a plan for reparation and preventive measures once they have fully determined the repercussions of the incident.

No details are available of the number of affected individuals nor the cause of the "error", but is definitely something not tested properly before being deployed.

A representative for Kakao Style has indicated that despite ZigZag's international availability, including in the U.S., Canada, and Japan, there have not yet been any indications of international customers being impacted by the breach. It seems that this time the impacted individuals are in South Korea.