As technology becomes more and more mature, every company now wants to have an online presence so that they can sell their products to an entirely new online segment. Today, almost every company have their online website. But the focus they give to the security of their website is very minimal or close to zero.

Issue I found:

Almost a year back, I found an issue in Amway. Amway is a very big FMCG company which sells products in various categories ranging from health to beauty. The issue I found was allowing me to order from their website without actually making any payment.
I ordered some random product and actually received it at my address. Just to be clear, yes, I did not pay for this product which I received at my address.
Picture of the order I got for free:

What did I do after I found this?

I reported this issue to Amway via email. 2 days after I reported this, I got a response that their technical team will look into this and will fix this. But nothing happened. I checked after a month and the bug was still there. I kept checking for it and the bug continued to be there.

After around half a year, in Feb 2018, I tweeted to them to check if they are going to fix the bug or not but that tweet also went unanswered.

I even tried tagging top news publications with the hope that at least they will care about it and will make Amway fix it. But nothing happened.

Today (i.e., 25th September, 2018) again, I checked for it and again I am able to make an order for free.

I still hope that Amway will see this blog post atleast and will get the issue fixed.
Lets hope and work for a MORE SECURE INTERNET.