PSA. Don’t share your password in your app’s release notes • Graham Cluley


So you're excited to see Guardians of the Galaxy Vol 3 at the cinema, or want to find out what the fuss is about with the Super Mario Bros movie?

You might grab your phone, open the MyOdeon app, and look up what's showing at your local flicks.

Oh! The OdeonUK app has just been updated. What's new?

MyOdeon Release Notes
Release notes for the latest version of the MyOdeon app.

What's new
Version 5.09.500

Updated text
Add delete feature to app. Click menu > then click my profile > click update details > delete account > if delete warning appears > click yes.
To test the delete functionality, delete using this login account:
Email: [email protected]
Password: Odeon1234!

Hmmm… that looks a lot like a set of test account credentials, and if I'm right, "Odeon1234!" is a really very stupid password.

My guess is that this username/password combination was meant to be kept private and used only by Odeon's internal technical staff, rather than shared with hundreds of thousands of moviegoers.


Hopefully no great harm has been done, but every app developer should take care over what goes into their release notes, in case useful information is accidentally handed to people who should never have it. Release notes are public, indexed and archived by app store mirrors, and cannot be recalled once published, so a credential that has appeared in one has to be treated as compromised and changed, not merely deleted from the next version of the text.



Graham Cluley is a veteran of the antivirus industry, having worked for a number of security companies since the early 1990s, when he wrote the first version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he makes regular media appearances and gives international talks on computer security, hackers and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.


