Hola,
TLDR; Like me, If you have submitted a rebate request to Pentair, your info might be (probably is) unencrypted and readily accessible online. What should we do?
Not really sure where to post this so I guessed that here is as good as any. I happened to come across a SUPER weak spot in how Pentair manages the data in their rebate program, for at least their pumps.
I'm not exactly sure what to do but I'd love to get my unencrypted name/address/telephone number and last 4 digits of my credit card offline asap. The info that is available goes back at least 1 year, probably more. Without any real technical know-how they've made it ridiculously easy to access the info of a boatload of people that have submitted rebate requests.
They have put literally ZERO security protocols in place. If a near computer-illiterate person like me stupidly stumbled upon this I'd hate to think what a capable, less scrupled person could do. One could, theoretically, write a super simple script, scrape their website, run it through an OCR and within minutes/hours have a working database for thousands of instances of personal info: name, address, phone numbers, home and billing address, potentially some cc info and gps data if taken with a phone that records that info to the file.
Edit by Jim R.
I have been hesitant to even post here because it's really, really easy to access the info and somebody with malicious intent would be happy to know about it. Or if somebody from Pentair read this and quickly/sloppily buried the problem without any real correction.
Have you gotten a Pentair rebate in the last year or so and care about weirdos or nefarious types getting your personal info? What do you guys think?
Thanks
TLDR; Like me, If you have submitted a rebate request to Pentair, your info might be (probably is) unencrypted and readily accessible online. What should we do?
Not really sure where to post this so I guessed that here is as good as any. I happened to come across a SUPER weak spot in how Pentair manages the data in their rebate program, for at least their pumps.
I'm not exactly sure what to do but I'd love to get my unencrypted name/address/telephone number and last 4 digits of my credit card offline asap. The info that is available goes back at least 1 year, probably more. Without any real technical know-how they've made it ridiculously easy to access the info of a boatload of people that have submitted rebate requests.
They have put literally ZERO security protocols in place. If a near computer-illiterate person like me stupidly stumbled upon this I'd hate to think what a capable, less scrupled person could do. One could, theoretically, write a super simple script, scrape their website, run it through an OCR and within minutes/hours have a working database for thousands of instances of personal info: name, address, phone numbers, home and billing address, potentially some cc info and gps data if taken with a phone that records that info to the file.
Edit by Jim R.
I have been hesitant to even post here because it's really, really easy to access the info and somebody with malicious intent would be happy to know about it. Or if somebody from Pentair read this and quickly/sloppily buried the problem without any real correction.
Have you gotten a Pentair rebate in the last year or so and care about weirdos or nefarious types getting your personal info? What do you guys think?
Thanks
Last edited by a moderator:
