COLLABORATION PLATFORM Huddle has been shown to have a security flaw which means that unauthorised parties may get access to things they absolutely shouldn't.
A BBC reporter was accidentally logged in to a KPMG account and had full access to private financial documents.
The tool is used by government departments including the Home Office, Cabinet Office, HMRC and parts of the NHS.
Huddle said that the bug had affected "six individual user sessions between March and November this year" and had now been fixed.
Apparently, the problem comes when two people land on the same login server within 20 milliseconds of one another. They get the same authorisation code for two-factor authentication, which means they get issued the same log-in token.
It added: "With 4.96 million log-ins to Huddle occurring over the same time period, the instances of this bug occurring were extremely rare."
Thing is, "extremely rare" is not "never", and anything less than "never" isn't anywhere near good enough. When you hear how simple (though random) the bug is, it's a miracle that it wasn't worse, and wasn't discovered sooner.
Huddle was launched in the UK in 2006 but has gone on to become a tool for organisations worldwide, long before rivals like Slack and Box were doing anything remotely as advanced.
In recent times it has come under increasing pressure from rivals, but not to the extent that this error should have been neglected for this long in an app whose website claims "trusted by governments and proven in enterprise, Huddle is the global leader in secure document collaboration."
To reiterate, Huddle has now fixed the problem so this should no longer happen, with authentication tokens now offered on an even more exclusive basis. µ
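A minimal model of the race described above, added here as an illustration and not Huddle's own code: one login server reuses an authorisation code for requests arriving within 20 milliseconds, the other issues a fresh code bound to a single user. The class names, user names and the code-to-token mapping are assumptions; the page gives only the 20 ms window and the shared code and token.

```python
import secrets

WINDOW_MS = 20  # collision window reported for the bug

class RacyLoginServer:
    """Flawed model: a code is reused for any request arriving within WINDOW_MS."""
    def __init__(self):
        self._last = None        # (arrival time in ms, code) of the latest issue
        self._code_token = {}    # authorisation code -> session token
        self.token_user = {}     # session token -> account it opens

    def issue_code(self, user, now_ms):
        if self._last and now_ms - self._last[0] < WINDOW_MS:
            return self._last[1]             # second user gets the first user's code
        self._last = (now_ms, secrets.token_hex(16))
        return self._last[1]

    def redeem(self, user, code):
        if code not in self._code_token:     # token is looked up by code alone
            token = secrets.token_urlsafe(32)
            self._code_token[code] = token
            self.token_user[token] = user
        return self._code_token[code]

class BoundLoginServer:
    """Hardened model: fresh code per request, bound to one user, single use."""
    def __init__(self):
        self._code_user = {}     # authorisation code -> user it was issued to
        self.token_user = {}

    def issue_code(self, user, now_ms):
        code = secrets.token_hex(16)         # never shared, whatever the timing
        self._code_user[code] = user
        return code

    def redeem(self, user, code):
        if self._code_user.pop(code, None) != user:   # pop makes the code single use
            raise PermissionError("code was not issued to this user")
        token = secrets.token_urlsafe(32)
        self.token_user[token] = user
        return token

def simulate(server):
    """Constructed scenario: alice and bob hit the same server 5 ms apart."""
    code_a = server.issue_code("alice", 1000)
    code_b = server.issue_code("bob", 1005)
    tok_a, tok_b = server.redeem("alice", code_a), server.redeem("bob", code_b)
    return server.token_user[tok_a], server.token_user[tok_b]
```

Calling `simulate(RacyLoginServer())` shows both users holding a token for the first user's account, while `simulate(BoundLoginServer())` gives each user their own session.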