An activist short seller has written a letter to the chief executive of insurance giant Lemonade with details of an “accidentally discovered” security flaw that exposes customers’ account data.
Carson Block, founder of investment research firm Muddy Waters Research, sent the letter to Lemonade co-founder and chief executive Daniel Schreiber on Thursday, describing the bug that allowed anyone to inadvertently access personally identifiable data from customers’ accounts as “unforgivably negligent.”
Block’s letter said: “By clicking on search results from public search engines, we shockingly found ourselves logged in to and able to edit Lemonade customers’ accounts without having to provide any user credentials whatsoever.”
