UK online used goods bazaar Gumtree exposed its users’ home addresses in the source code of its webpages, and then tried to squirm out of a bug bounty after infosec bods alerted it to the flaw. British company Pen Test Partners (PTP) spotted the data leakage, which meant anyone could view a Gumtree user’s name and location (either postcode or GPS coordinates) by pressing F12 in their web browser.
Read full article on The Register