MOTHERBOARD - May 12 - The youth dating site OurTeenNetwork claims to be the "best rated teen dating and social networking site," created "for the safety of online teen dating and socializing." But despite those claims, until this week, anyone on the Internet could read the private messages exchanged between users. Any user on the site is assigned a unique, non random ID, such as 16164. The problem is that every private conversation uses those IDs, making a simple, guessable link such as ourteennetwork.com/conversation/ID1/ID2. Until this week, by guessing the ID numbers, any registered users could read other people's messages, and even type new messages—effectively pretending to be either one of the users. The site's founder said: "he built the site in haste :("
by Lorenzo Franceschi-Bicchierai
See full article at Motherboard