07 Mar Nike Server Data Exposes Login Credentials
It was recently reported that an 18-year old researcher had found a vulnerability in Nike’s website that allowed an attacker to read sensitive server data such as passwords with just a few lines of code.
The flaw was discovered by Corben Leo last year. He contacted the company via its bug bounty email address, but did not get a reply for months. Leo said that he was able to extract data from the Nike.com subdomain to an external FTP with a Python exploit code.
After Nike had finally responded, it downplayed the risks the bug could have caused to its other systems and merely said that the domain MyNikeTeam.com was a pilot site hosted on a separate server and has already been taken down.