UPDATE - System Glitch with Barnesndnoble.comgreenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread
[Fair Use: For Educational and Research Purposes Only]
Barnesandnoble.com exposes customer's information
By Greg Sandoval Staff Writer, CNET News.com June 1, 2000 A New Jersey man trying to key in a coupon code at Barnesandnoble.com yesterday found himself in another customer's account with access to that person's personal information.
The man, who identified himself as Ken, said that he tried to use the coupon to purchase two books and was given access to the address, phone number, address book, email address and a list of past purchases of a New York woman. Her credit card information was not able to be viewed.
Contacted by CNET News.com, the woman confirmed the information was hers.
A spokesman for Barnesandnoble.com, the Net spinoff of Barnes & Noble, said the company is running diagnostic tests to determine the source of the security leak and said it believes the incident was isolated.
"We believe (the problem) to be a faulty link that allowed one customer to see another customer's order information," spokesman Gus Carlson said. "It is important to note that at no time was any customer credit card information displayed on the site--indeed, customer credit card information is never displayed."
Systems glitches have plagued e-commerce sites since the Internet's creation and undermine customer faith in online shopping, analysts say. The list of companies that have suffered a security breach is long. The latest example came last week, when Yahoo acknowledged that faulty software had caused some users personal information to be exposed.
Microsoft has battled to plug security holes in its Internet Explorer browser and Web management software in recent months. In February, the Web site of tax preparation stalwart H&R Block exposed some customers' private financial information.
The woman whose information was exposed said Barnesandnoble.com will have to explain the cause in detail if she is to shop there again. She said she works for a company that troubleshoots system problems like the one Barnesandnoble.com experienced.
"This shouldn't be happening," she said. "You are not surprised to hear about a problem like this at a small site but for it to happen to a big company like them--it makes me nervous to shop on the Web ever again."
-- (Dee360Degree@aol.com), June 02, 2000