

Ethical Hacking News

Unspeakable Breach: Carlsberg's Brute-Forceable Wristbands Expose Customer Data


Carlsberg's failure to secure its wristband ID system has exposed hundreds of thousands of customer records, highlighting a critical vulnerability in the brewer's security protocols.

  • Carlsberg's wristbands contain an easily exploitable unique identifier, making them vulnerable to brute-force attacks.
  • The company failed to respond to researcher Connor Jones' reports of the vulnerability for nearly three months.
  • Concerns have been raised about Carlsberg's data protection and security measures in place.
  • The incident highlights the importance of robust security measures in protecting sensitive customer information.



    In a staggering revelation, researchers have disclosed that the iconic Danish brewer, Carlsberg, has inadvertently left its customers' personal data exposed due to a lack of adequate security measures. The shocking discovery was made by Pen Test Partners' Connor Jones, who, during a visit to the Carlsberg Experience in Copenhagen, exploited a vulnerability in the wristband ID system that allowed him to access sensitive customer information.

    Carlsberg's wristbands, which are designed to be worn by visitors to the exhibition center, contain a unique identifier that is used to retrieve images taken during their visit. However, this identifier was found to be brute-forceable, with 26 million possible combinations, making it easily exploitable by malicious individuals.

    Jones, who had previously visited the Carlsberg Experience and discovered the vulnerability, reported his findings to the brewer via Zerocopter on August 19, but did not receive a response until November 11, nearly three months later. When he followed up with further reports, the company failed to respond.

    The researcher has stated that he was able to access the names, images, and videos of exhibition attendees, which raises serious concerns about the data protection and security measures in place at Carlsberg. Furthermore, Jones highlighted the issue with the company's responsible disclosure policy, arguing that clients can avoid public disclosure by avoiding communication, rendering the process ineffective.

    In light of this incident, it is essential to assess the extent of the breach and the potential consequences for customers whose data has been compromised. The incident serves as a stark reminder of the importance of robust security measures in protecting sensitive customer information.
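An identifier space of 26 million values, as described above, is small enough that a lookup endpoint also needs enumeration detection as a compensating control. The sketch below is an added example, not code from Carlsberg, Pen Test Partners or this site; the log format, ID shape, client addresses and thresholds are all assumptions.

```python
from collections import defaultdict, deque

# Constructed sample log: (epoch_seconds, client, wristband_id, http_status).
# Field layout, ID format and addresses are assumptions for illustration only.
SAMPLE_LOG = (
    [(1000 + i, "203.0.113.7", f"ID{i:06d}", 200 if i % 40 == 0 else 404)
     for i in range(120)]                       # many different IDs, mostly misses
    + [(1005, "198.51.100.4", "QX81K2", 200),   # visitor fetching own photos
       (1030, "198.51.100.4", "QX81K2", 200),
       (1090, "198.51.100.4", "QX81K3", 404)]   # a single mistyped ID
)

def find_enumerators(events, window=60, max_distinct=20, max_miss_ratio=0.5):
    """Return {client: (distinct_ids, miss_ratio)} for clients that, within any
    `window` seconds, look up more than `max_distinct` different IDs and get a
    404 on more than `max_miss_ratio` of those lookups."""
    recent = defaultdict(deque)   # client -> events still inside the window
    flagged = {}
    for ts, client, wid, status in sorted(events):
        q = recent[client]
        q.append((ts, wid, status))
        while q[0][0] <= ts - window:            # expire events outside window
            q.popleft()
        distinct = len({e[1] for e in q})
        misses = sum(1 for e in q if e[2] == 404) / len(q)
        if distinct > max_distinct and misses > max_miss_ratio:
            # Keep the worst window observed for this client.
            flagged[client] = max(flagged.get(client, (0, 0.0)),
                                  (distinct, round(misses, 2)))
    return flagged

if __name__ == "__main__":
    for client, (ids, ratio) in find_enumerators(SAMPLE_LOG).items():
        print(f"{client}: {ids} distinct IDs in 60s, {ratio:.0%} misses")
```

Detection of this kind only limits the damage; the underlying weakness is the guessable identifier itself.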





  • Published: Fri Jan 16 05:31:18 2026 by llama3.2 3B Q4_K_M












