HP Ink Advantage Redemption – Privacy Concerns

I recently bought a HP Ink Advantage 3545 All in One. It was purchased while HP was running an offer where in I can choose and redeem one of the available options. I have opted for a free black cartridge. While there are further formalities to be completed before hp can send me the free cartridge, I have received a mail today from hp with a link to redemptionsupport.com. I can go to this website and check the status of my claim.

I visited the website and I could view the claim status on the site after I entered the 7 digit code I received in the mail. No password is required, no captcha, no verification.

I then entered the next number(my code + 1, this does not belong to me). I could then view the claim status of some other person who registered/claimed after me. I tried the next number, next, next and next. I can see details of others easily.

What is the concern in this? Concern is, the details include the name, address, mobile number, email address apart from other details.

HP is letting the visitors see all these details of their customers without requiring any password. Of course, it needs a 7 digit code, but thats not difficult, I can enter a random 7 digit number and get details of some xyz person. It is a plain numeric code which I think is allotted in series.

What if someone sees a random persons details? HP should not display details like this without requiring a password. There are bots/spiders/scrapers which scrape the details like address/email/phone numbers from web-pages and build the databases of tele-marketers/spammers. Knowing the size of HP, imagine how many addresses these bots can get from HP’s redemptionsupport website.

This database of HP customers who try to redeem something will keep growing as HP keeps running one offer or the other. Using random numbers, I could see details of a customer who claimed the freebie more than an year back. This means HP does not remove the details even after the claim is fulfilled. There may be records even older than this.

The details also include the product, model, serial number, date of purchase etc.. This was not limited to printers, it included products like laptops too. I’m not sure if serial numbers also can be misused, but they were also displayed.

I hope HP realizes this and removes access to the customer records in such a way. To bring it to the notice of HP, this article has been tweeted to hp, hpindia, hpnews, hpsupport, hpprint and hpdeals . If you have a better idea of bringing it to their notice, please do.

Thanks.

 

 

Posted in Drop Box
  • Sal

    Can you recommend me a laser printer apart from this?

  • Sal

    Thanks for the info man, came here from from your YouTube channel, thanks for sharing your reviews. Pretty neat job.

    • vishki

      I did not do any research of the market lately, so I can not recommend one. I bought Ricoh because of its refillable toner and low maintenance and it is serving me well. If you are a home user and cost conscious, look for printers with refillable cartridges or atleast which can be easily refilled to keep the costs low. I think some samsung and hp printers can be refilled easily.

      Also have a look at epson ink tankinkjet printers, they are economic too. Being inkjet printers, you will have to use them atleast once every two weeks or so to avoid drying.

      • Sal

        Thanks man, I already bought an HP 202dw, thanks for the heads up but I did check the Epson but didn’t go for them because the ink goes dry if one doesn’t use..