Security breach? Open positions viewable!

Matthew,



I’ve noticed that when both my brother and I logged into C2, my brother got logged in normally, but I ended up at a system’s page called KC QLD/QID from Kingdom Capital.



I could see the system’s open positions! I have taken screenshots to prove it. Matthew, just to show you I know: he now has two open long positions in the red, without specifying the instrument.



I don’t think seeing open positions is all right, is it?



Martijn

Hmm. Are you using the new preview.collective2.com site or the www.collective2.com old site? Please email me the screenshots so I can examine. Thanks.

I can confirm that I saw it too. It was after a page refresh when my login had expired. After I re-logged in, I could only see my current subscriptions again.

Matthew?




1. I will email the screenshots to you tomorrow morning. It’s bed time where I live, sooo :slight_smile:

2. Interestingly enough, I remember seeing it on the old normal site too (this time the beta), but I clicked away because the screen didn’t look right… so afterwards I forgot about it… But thinking about it now, it was exactly the same.

Martijn

Indeed, Daniel! That was it. I remember my page had expired and I just hit the refresh button… and then it was messed up: no account name or login shown, yet his dashboard was visible.



Gilbert, don’t worry, I clicked away after taking the screenshots (Matthew’s eyes only).

Thanks guys.

Matthew,



Sending the screenshots now from my hotmail account, as I’m not at my office now. It’s in a .docx file.



BTW, just had it again, again with KC. It said I was subscribed to it on 28/10… oh, 10/28 that is. :wink:



Here they come, Matthew, and please look at it asap. Thank you as always.

Oh, and I’ve used the bug report address to mail them.

Ok, this issue has been resolved. It was not a "security breach" – but was rather another (less scary) bug. Basically, a user attempted to subscribe to a system, and at the moment he subscribed, his session timed out and he became an "unregistered user." Thus, the unregistered user identity suddenly subscribed to a system. This in turn meant that when your session timed out and you became the "unregistered user," you were subscribed to one particular system.



Long-winded explanation. Small problem. Now fixed. Thanks for finding and reporting.
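The failure mode Matthew describes above is a session-timeout race: the subscribe handler trusts whatever identity the session resolves to, and an expired session resolves to a shared "unregistered user" identity instead of failing. The Python below is an added illustration of that bug and of the fix a practitioner would want (refuse to act on a non-authenticated identity); it is not Collective2's code, and every name in it (the Store class, the `unregistered` sentinel, the 30-minute TTL, the user and system names) is an assumption made for the example.

```python
"""Added example: a state-changing action attached to a shared anonymous identity
when the caller's session has expired, and the fail-closed fix.
None of the names below come from Collective2; they are assumptions for the demo."""
import time

ANON_USER = "unregistered"   # assumed shared identity for logged-out visitors
SESSION_TTL = 30 * 60        # assumed session lifetime in seconds


class FakeClock:
    """Controllable clock so the timeout can be reproduced deterministically."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t

    def advance(self, secs):
        self.t += secs


class Store:
    def __init__(self, now=time.time):
        self.now = now
        self.sessions = {}        # session_id -> (user, created_at)
        self.subscriptions = {}   # user -> set of system ids

    def login(self, session_id, user):
        self.sessions[session_id] = (user, self.now())

    def authenticated_user(self, session_id):
        """Return the user behind a live session, or None if unknown/expired."""
        entry = self.sessions.get(session_id)
        if entry is None:
            return None
        user, created = entry
        if self.now() - created > SESSION_TTL:
            del self.sessions[session_id]   # expired: drop it
            return None
        return user

    def resolve_user_vulnerable(self, session_id):
        """Bug: an expired session silently becomes the shared anonymous user."""
        return self.authenticated_user(session_id) or ANON_USER

    def subscribe_vulnerable(self, session_id, system_id):
        # Whoever the session resolves to gets the subscription, even ANON_USER.
        user = self.resolve_user_vulnerable(session_id)
        self.subscriptions.setdefault(user, set()).add(system_id)
        return user

    def subscribe_fixed(self, session_id, system_id):
        # Fail closed: a state-changing action needs a real, live identity.
        user = self.authenticated_user(session_id)
        if user is None:
            raise PermissionError("login required")
        self.subscriptions.setdefault(user, set()).add(system_id)
        return user

    def visible_subscriptions(self, session_id):
        """What the dashboard would render for this session (vulnerable resolver)."""
        user = self.resolve_user_vulnerable(session_id)
        return set(self.subscriptions.get(user, set()))


def demo():
    """Reproduce the reported sequence with constructed users and systems."""
    clock = FakeClock()
    store = Store(now=clock)
    store.login("sid-alice", "alice")
    store.login("sid-bob", "bob")
    store.subscribe_vulnerable("sid-bob", "SystemX")   # bob's own, while logged in
    clock.advance(SESSION_TTL + 1)                       # both sessions time out
    owner = store.subscribe_vulnerable("sid-alice", "KC")  # lands on ANON_USER
    leaked = store.visible_subscriptions("sid-bob")    # bob refreshes: sees KC
    store.login("sid-bob2", "bob")                     # bob logs back in
    own = store.visible_subscriptions("sid-bob2")      # only his own again
    try:
        store.subscribe_fixed("sid-alice", "KC")
        fixed_rejected = False
    except PermissionError:
        fixed_rejected = True
    return {"owner": owner, "leaked": leaked, "own": own,
            "fixed_rejected": fixed_rejected}


if __name__ == "__main__":
    print(demo())
```

The design point is that "unregistered user" must never be a valid principal for a write: a handler that cannot prove who the caller is should reject the request (and ideally re-check the session right before committing, since the timeout can land between page load and submit, exactly as described above).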

Ok! Sorry for calling it a security breach…



We Belgians mainly use American movie lingo such as: ‘there’s a security breach in sector 7G, sir’ which clearly does not cover the spectrum of the whole language…