Users complain about possible Canada Computers data breach

Canada Computers might have a data breach

Many new users signing up on Canada Computers to purchase products are seeing someone else’s personal information instead of their own.

A November 21, 2018 Reddit post shows a concerned user explaining that they created a new account on Canada Computers, only to notice that after logging in “someone else’s personal information (full name and address)” was in the “Address Book” and “Checkout” section of the website.

“This strikes me as a huge problem! Needless to say, I don’t think I’ll be ordering from Canada Computers,” said user ‘GoldenMonkeyPox.’

The issue happened to several other users, and many of them complained to Canada Computers but did not get a response indicating that the problem was resolved.

[PSA] Created new account on Canada Computers. Site has assigned me someone else’s personal information. Be careful. from r/bapcsalescanada

A Reddit user and information security professional, who requested anonymity in order to tell their story without fear of legal ramifications, sent MobileSyrup an email on December 2nd, 2018 noting that the problem continued to happen to them.

“I am still able to reproduce this problem by simply navigating to their site and logging in with my own credentials,” said the Reddit user.

The user said in another email to MobileSyrup that they did not reach out again to Canada Computers because of their lack of care on the issue.

“Because of Canada Computer’s lack of responses [to] multiple incidents, I don’t believe there will be any response from these guys,” said the user.

On two separate occasions, Canada Computers did not respond back to users at a timely fashion when breaches occurred.

The anonymous Reddit user said that their issue has still not been resolved and they filed a complained with the Personal Information Protection and Electronic Documents Act but has not gotten a response.

Some users are concerned because Canada Computers started operating in three of B.C.’s locations in April 2018 that were formerly occupied by NCIX, officially known as Netlink Computer Inc, the company that had hardware with stored employee data being sold on Craigslist.

On August 1st, 2018 Privacy Fly’s Travis Doering reportedly came across the Craigslist posting, now taken down, for a NCIX database containing 15 years worth of customer and employee data.

Screenshots from the anonymous Reddit user. The information shown belongs to other people which the user saw upon logging into their account.

This news was released several months after NCIX had filed for bankruptcy in December 2017 after 20 years of operation.

MobileSyrup reached out to Canada Computers for a comment but did not get one in time for deadline.

The original Reddit post does have responses made by a user claiming to be someone from Canada Computers.

“Hi guys, this has been forwarded to head office. Sorry for [the] inconvenience this may have caused,” Reddit user papercatsATK wrote.

“Once I hear confirmation I will let you know! I’m not in office until tomorrow. I had zero clue it had happened until a personal friend of mine sent me the link, it was around 1AM. I got it to where it needed to be ASAP. Trying my best!” the user wrote.

Source: Reddit