back to article Now this might be going out on a limb, but here's how a branch.io bug left '685 million' netizens open to website hacks

Bug-hunters have told how they uncovered a significant security flaw that affected the likes of Tinder, Yelp, Shopify, and Western Union – and potentially hundreds of millions of folks using these sites and apps. The software sniffers said they first came across the exploitable programming blunder while digging into webpage …

  1. elDog

    Thank you uMatrix. It won't even let me go to the branch.io site.

    Now, if I were into tinder and other hook-up sites, I might disable these checks. I might also not wear protection when establishing contact.

    1. ds6 Silver badge
      Meh

      Re: Thank you uMatrix. It won't even let me go to the branch.io site.

      Anyone that doesn't use uBlockO + uMatrix is not a friend of mine.

      ...Actually, none of my friends do, so maybe I should re-evaluate my claim.

  2. Claptrap314 Silver badge

    Welp, here we go again.

    Conveniently, I don't use Tinder, Yelp, Shopify, or Western Union. Imgur? $#@*. Oh, wait. I exclusively access Imgur through and account that I use just for viewing comics & Imgur.

    Quite a few folks here are really down on cloud computing as "somebody else's computers". Shall we talk about cloud-style programming and "somebody else's code"?

    1. cb7

      Re: Welp, here we go again.

      Correct me if I'm wrong, but I think Shopify is an ecommerce platform, so you could be using it when shopping online without even knowing it.

      1. Anonymous Coward
        Anonymous Coward

        "so you could be using it when shopping online without even knowing it"

        It could even be worse. I know at least a site (a known photography bags maker) where you can't even see the products if you don't allow Shopify. A lot of sites today are an intricate mesh of different services, including "malware as a service".

      2. Claptrap314 Silver badge

        Re: Welp, here we go again.

        Online shopping? Me? Hahahahahahahaha....

  3. Anonymous Coward
    Anonymous Coward

    Utterly Insane

    This is why people use ad blockers and/or actively maintain a block-list in their hosts file.

  4. vtcodger Silver badge

    "the security issue was actually within a toolkit, called branch.io, that tracks website and app users to figure out where they've come from,"

    And this is needed because without it users might retain some small degree of anonymity?

    Anybody besides me developing an uneasy feeling that this whole internet thing is going to end badly?

    1. ds6 Silver badge
      Mushroom

      "going to"? The Internet is already a massive dumpster fire, what with the likes of IoT, XSS, phishing, domain squatting, Facebook exploits, database dumps, and what have you. Every day something new that either has the capability to affect or has actively affected millions of people is uncovered, and no one cares or changes their habits.

      It's like having your house broken into while your throw rug is aflame, but you just keep sitting there eating your bowl of porridge and scrolling through your phone because it's "not your problem" and hasn't visibly touched you yet. Daunting.

  5. Version 1.0 Silver badge

    You're sure this is a bug?

    It sounds to me more like a "feature" ... not very user friendly certainly but users are just chickens queuing up for a good plucking. We're just a resource to be mined for cash in the world of Facebook, Google and friends.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like