Videotron’s Fizz has fixed a bug that would allow someone to view someone’s full email address based on their referral code.
How did this happen? Sharing your referral code allows others to access your email, which is likely also your account username.
By logging in to the Fizz website and navigating to the gifting data page, entering a referral code, and clicking next to set the amount, users can exploit a browser trick. By pressing back and then forward again, the user’s full email address will be displayed instead of the code.
We were able to replicate the bug, that did indeed expose the full email address of any referral code entered. It was pretty surprising to see an email address just show up like that.
This was discovered by a Reddit user on Tuesday. After a Fizz customer contacted iPhone in Canada, we reached out to Fizz about the bug yesterday evening.
On Wednesday morning, a Fizz spokesperson confirmed with iPhone in Canada the bug has been fixed. “Please note that our team has deployed a fix that has solved this issue,” said the Fizz spokesperson. That’s a decent turnaround time for a bug fix that definitely was a privacy issue.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
