PSA: Stop Using Gesture, Other Insecure Apps


Many of you may be familiar with the gesture website used by many teams like the Toronto Maple Leafs, Colorado Avalanche, San Jose Sharks, and more to bid on warm-up and game jerseys.


From a non-technical aspect, your data is NOT secure.  It has been revealed that other users can gain access to your account via URL.  Their security does not require authorization on devices, which means they are storing sensitive information in encrypted URLs and not a token system unique to the session on your device.

This is super insecure.  Using a link from another user to a current listing, we were able to view their account information by just clicking on the tab.  No additional login needed.

Also, be wary of other insecure apps floating across the hockey world.  It has been reported that the San Jose Sharks currently use a ticketing app that stores your password in PLAIN TEXT or unencrypted to support staff.

If you value your security, you will avoid these apps and do research on others that you use.