From Geekzone(geekzone.co.nz)
There was a glitch occurring yesterday (and possibly still today) where people were logged into different accounts (not theirs) when changing the page, showing peoples personal details, including home address, phone number, order history and card details.
Recommend changing your password.
Most importantly - remove your saved payment method
This is exactly why I never let websites save my credit card details!
This is exactly why I never let websites save my credit card details!
Completely agree - it really is like asking to be screwed.
I asked their support with help deleting my account because of this - they said “ as of now we had no such issues noted, may I know why you ask ?” and “ Thanks for the information's, but so far we have not got any customer's connecting with us regarding this issue.”
This seems kinda terrible!
Update - they finished the chat with “Rest assured your account is safe in our hands.” 😬
https://www.govt.nz/browse/consumer-rights-and-complaints/ho…
Given you took it to them and got such a dismissive response, I'd definitly be reporting it (with your evidence) to the privacy comissioner here
Their customer service is shit. Honestly anything that is under k0gan au$$ie is shit. Just look at their customer service review.
Thanks Wakrak. Stuff has since posted an article about the issue: https://www.stuff.co.nz/nz-news/360699792/mighty-ape-glitch-…
Link for if anyone wants to delete their account: https://help.mightyape.co.nz/hc/en-nz/articles/5872695531791…
Before you delete your account, don't forget to buy some irony from them: https://www.mightyape.co.nz/mn/buy/mighty-ape-remedies-for-b…
Given their pretty poor response on this, if anyone is interested in deleting their information from MightyApe either out of privacy concerns, or just as a message to them (hoping that a lot of people will do this en-mass then feel free to use this template.
Please permanently delete my account and all personal data you hold about me under the New Zealand Privacy Act 2020. This includes (but is not limited to:)
- My customer account and login credentials
- Order history and purchase data
- Saved addresses, payment methods, and contact details
- Any marketing preferences, tracking data, or profile information
- Any data shared with third parties
This is a request for complete erasure, not just account closure.
My account email is: [your email address]
Please confirm once this has been done, or advise if any part of this request cannot be fulfilled and why.
Their support team got back to me a day later and deleted my account.
My replies came through this afternoon confirming deleted
Wow, that's bad. Looks like the entire site is currently offline, according to downforeveryoneorjustme.com.
I had the same thing with 2 degrees a few years ago - logged in as me, but it was someone else's account: an employee from their marketing department. I could see her products, her staff discount, how much data she had used and could have changed details or services if I had wanted to. Contacted them, thinking that they would be interested and concerned about it, and they basically said "ah, probably just a glitch. Looks OK now".
I hope they scurried around in the background in a panic fixing it, but it was instrumental in me moving away from them.