I am a new Flipkart user. I very much like Flipkart for the wide range of products available, low price, 24 x 7 customer care, in-time delivery. By looking at Flipkart’s facebook page facebook.com/flipkart which has more than 850k people following, I believe Flipkart will have a minimum of 1 million users.
I recently ordered a Canon Lide 110 scanner from Flipkart, and got a email next day with a link to track my order. The order tracking page has details about shipping to help us to track where the package is. I wanted to quickly check if the order page is available only for my login session or for anyone in the web. Shockingly, the url works for anyone, and it is even enabled for search engine crawling.
- The email id of the user is available in the url of tracking page
- User’s name, City, Pin code available in the tracking page
Below is just a few of the Flipkart user’s order details available in public.
I would recommend Flipkart to do one of the following to ensure users’ privacy.
- Make the order tracking page available only for the signed in user who made that order
I am also sending this post as an email to firstname.lastname@example.org to take an action.
Got an immediate response from Flipkart CEO saying they will soon fix this.