If you have had an account on Aspire-Wholesale.com or Ecigaspire.co.uk it was left wide open with the company Anyvape publicly displaying a password.
My account, if you knew my email, was left wide open so I decided to use their live chat to message them
Bad practice IMO, very very silly
Did they ever respond to you?
Nope, chat timed out…
We are talking about wholesale accounts as well as your regular customer… Terrible
Wow…this category is important, the only way you can get the attention of these companies is hurting their bottom line, and that’s pretty sad
It worked, too. Found out some stuff about Grubby I didn’t know!
But seriously though… While it may be a difficult task to guess a user’s email to sneak in there, it isn’t impossible. Especially say you’re a mod at a vaping forum, with access to all the registered user’s email addresses. You could just blast your way in, if you felt like it. This is a Security 101 blunder bigtime.
The original site had a lot of users, it was a big site for aspire UK, I used to use it a lot, this day and age they could have mass emailed all individuals quite easily requesting a password reset, this happened in 2017… 
