We have a fairly large security type issue.
On certain customer accounts when a customer logs in they can see other peoples orders in addition to their own listed in the account / orders panel. They can then click on the order and view name, billing address, delivery address, order information etc.
Is there any circumstances where anyone has seen this happen?
This is not on every account but we have had 4 reported to us so far and managed to log in as one customer customer after they agreed to us resetting their password and lo and behold there were other peoples orders listed under their account.
Any help would be appreciated.