Complete Story


Louis Vuitton fixes data leak and account takeover vulnerability

Bleeping Computer

Louis Vuitton has quietly patched a security vulnerability on its website that allowed for user account enumeration and even allowed account takeover via password resets.

Founded in 1854, Louis Vuitton is a prominent luxury French fashion brand and merchandise company with over 121,000 employees and a $15 billion annual revenue.

The easily exploitable flaw resided within the MyLV account section of the website.

Creating a MyLV account lets a Louis Vuitton shopper track online orders, access purchase history, obtain e-receipts, manage personal information, and receive company announcements.


Printer-Friendly Version