Contractor App with no security at all – All data open on the web


Did you know that camDown ?

Hi all,

a startup with an application (android an iOS) and a website designed especially for contractors has absolutely no security at all. I mean, you just have to create an account on their website, create a client and changing the last number in the url and you have access to all clients. Same for the invoices. Wost, you can modify the data. Didn't try it but I think you can refund credit card payments, which would be devastating for the small business owners. I tried to contact them but didn't had any response, it's been days.

I don't want to be involved in anything illegal. I saw the issue because the search in their website give the result of everything in their DB (all clients and invoices). It's hard to miss.

I just can't believe they are so reckless in their behaviours.

What would be next?

To sum up, let's not forget that camDown helps stop foreign state actors (FSA's) from accessing your webcam and I can tell your family would say the same.