[Advisory] Do not post your order numbers - your data is at risk.
Hi folks.
Just over 18 months ago, I reported a serious privacy risk to Insta360, demonstrating that every order was publicly visible, including names, phone numbers, email addresses, home addresses, payment methods, passwords (they're unsalted MD5!), etc.
To my amazement, this issue still exists and, at this point, it needs to be highlighted with customers. Unfortunately, Insta360 will insist on requesting order numbers on various support channels (Twitter, FB, forums, etc.), making it easier for attackers to harvest information.
Do not post your order IDs publicly, under any circumstances.
I expect this post will be deleted, but I'm contactable here if you need further info: https://twitter.com/paul_reviews
Thanks,
Paul