Business News

Hackers could have stolen beer from BrewDog using bug that exposed details of 200,000 shareholders

08/10/2021

Hackers could have stolen beer from the Scottish brewery and pub chain BrewDog due to a vulnerability that exposed details of more than 200,000 shareholders.

The vulnerability in the company’s mobile app was discovered by security consultancy Pen Test Partners, which said that details belonging to customers and “Equity for Punks” shareholders were accessible for over 18 months.

Due to the way the mobile app authenticated users, it would have been “trivial” for any of them to access someone else’s personally identifying information.

“But, best of all, shareholders get a free beer on the three days before or after their birthday under the terms of the Equity for Punks scheme,” the consultancy said.

“One would simply access an account with the required date of birth, generate the QR code and the beers are on BrewDog!”

Data exposed by the bug included names, dates of birth, phone numbers, email and delivery addresses, shareholdings and more.

Pen Test Partners said that this data would be considered personally identifying information under the UK’s data protection laws.

These laws also include an obligation on companies to keep that data secure – something which the consultancy said BrewDog had failed to do with its designs.

BrewDog said it has now fixed the issue and during its audits did not discover any evidence that hackers had stolen shareholders’ data – although researchers caution that the absence of evidence is not the evidence of absence.

A spokesperson for the company said: “We were recently informed of a vulnerability in one of our apps by a third party technical security services firm, following which we immediately took the app down and resolved the issue.

“We have not identified any other instances of access via this route or personal data having been impacted in any way. There was therefore no requirement to notify users.

“We are grateful to the third party technical security services firm for alerting us to this vulnerability. We are totally committed to ensuring the security of our users’ privacy.”

“Our security protocols and vulnerability assessments are always under review and always being refined, in order that we can ensure that the risk of a cyber security incident is minimised,” they concluded.

Pen Test Partners added: “An obvious question is whether the data has been accessed by unauthorised persons.

“Whilst BrewDog say that they can’t currently see any evidence of that, we’re not quite sure how they would validate this: every request will be coming from a valid account with a valid (but identical!) bearer token.

“How therefore would they prove that the request was from the valid user and not from persons unknown?”

“It will need a very thorough forensic investigation to prove for certain that a breach hasn’t occurred,” the consultants added.

Earlier this year BrewDog CEO and co-founder James Watt apologised and vowed to “listen, learn and act” after a group of ex-employees joined together to allege a culture of fear at the company.

 Sky News

© Sky News 2021

Written by: Rother Radio News

