Reply
Trusted Contributor
Posts: 1,821
Registered: ‎02-16-2018

****QVC Website - Serious Security Vulnerability****

The password issue has been going on a long time on your website. It was fixed briefly and now its once again a problem. It is a major security vulnerability for all QVC customers and nothing is being done about it. It’s not that hard to fix and it makes customers worry that QVC is not taking online security seriously. Bad actors can easily access passwords when they are shown in the clear. Why in heaven’s name would QVC have an option to show someones password! The only reason why someone would have that option on a website is that they want customers passwords to be compromised. It makes no sense at all. It makes me mad as hell when I’m logging onto the QVC website and my password is showing in the clear. I’ve been patient about this, but QVC better friggin fix this ASAP or it’s going to be a FOX News story. No other online shopping sites Amazon, Macys...... have ever done anything like this. Also when customers are calling in to complain about the problem they are told it’s a problem with their computer. I called in again today and was told the same thing. It’s really bad when QVC’s Customer Service personnel are not even aware of a known security vulnerability on the QVC website. I don’t think QVC departments even know how to communicate with one another anymore. I won’t be doing business with a company that does not exercise cyber security on it’s website. This is a major security violation on your website. Fix it QVC!

Honored Contributor
Posts: 16,075
Registered: ‎03-10-2010

Re: ****QVC Website - Serious Security Vulnerability****

How are you seeing this ,where more details please,i do not see this.

When you lose some one you L~O~V~E, that Memory of them, becomes a TREASURE.
Highlighted
Honored Contributor
Posts: 11,111
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****

I see it on my MacBook Pro.  You seem to have to decide on "show" or "hide".  I'd rather it be hidden all the time as before.  Why would I want to "show" it???

 

Honored Contributor
Posts: 14,964
Registered: ‎05-23-2015

Re: ****QVC Website - Serious Security Vulnerability****

I know.  I thought it was fixed, what is the problem ?????

" You are entitled to your opinion. But you are not entitled to your own facts."
Daniel Patrick Moynihan
Trusted Contributor
Posts: 1,821
Registered: ‎02-16-2018

Re: ****QVC Website - Serious Security Vulnerability****

When logging on to the website it automatically shows the password I’m typing in.

Next to the password it says “show” or “hide”. There should never be an option to show a password. It comes up automatcally in the “show” option so when typing your password it shows up in the clear. Each time when logging in you must select the “hide” option or it will show your password. This is a known problem to QVC and the fixed it once, however it has resumed. It’s been reported numerous times on the “Customer Care Forum.  

Honored Contributor
Posts: 9,278
Registered: ‎03-09-2010

Re: ****QVC Website - Serious Security Vulnerability****


@Krimpette wrote:

I see it on my MacBook Pro.  You seem to have to decide on "show" or "hide".  I'd rather it be hidden all the time as before.  Why would I want to "show" it???

 


I've tried it and next time you go to sign it's back to the show option.

 

For me, it only happens if I'm incognito on my browser.

Honored Contributor
Posts: 16,075
Registered: ‎03-10-2010

Re: ****QVC Website - Serious Security Vulnerability****

If it is the show or hide ,i see that but isn't that just because we choose that?

When you lose some one you L~O~V~E, that Memory of them, becomes a TREASURE.
Trusted Contributor
Posts: 1,821
Registered: ‎02-16-2018

Re: ****QVC Website - Serious Security Vulnerability****

The problem is QVC is not taking our online security seriously.  They are not protecting our information properly and they better start taking cyber security seriously or I and thousands others won’t be shopping here anymore.

Honored Contributor
Posts: 18,415
Registered: ‎11-25-2011

Re: ****QVC Website - Serious Security Vulnerability****

I would think for many of QVC members who are visually impaired 

or have dexterity issues, the visual password function would be 

welcomed.  IMO.

Trusted Contributor
Posts: 1,821
Registered: ‎02-16-2018

Re: ****QVC Website - Serious Security Vulnerability****


@goldensrbest wrote:

If it is the show or hide ,i see that but isn't that just because we choose that?


@goldensrbest  No, it comes up each time defaulting to showing your password.  There should never even be an option asking if you want to show your password. Only cyber thieves would plant such an option on a website. You would never want your passwords spelled out in the clear.  Easy for cyber thieves to snapshot your password.