Issue date: 24 October 2000 Article source: Daily News Video Web security glitch exposes credit details

Over 10,000 consumer credit card details were left exposed on a UK Web site last week after a British video retailer upgraded its Web site hosting arrangements.

Bensons, a video and DVD mail order outlet, said the security flaw was discovered by a consumer who reported the fault to Computeractive magazine, which immediately contacted the retailer.

The company said that details of the companyBs 11,500 customers, including credit card data, names, addresses and Hotmail passwords, were left unprotected on the site for up to five days and could easily have been accessed by anyone making a slight change to the Web site address.

Within minutes of being alerted to the problem, Bensons immediately secured the site and made moves to assure customers that the security fault would not happen again.

The problem occurred just days after Bensons changed its hosting arrangements, and moved from a shared server to a managed dedicated server.

BWe swapped the servers 10 days ago and when we did a routine check last week, all the security measures were in place,B said Peter Schofield, business development manager at Bensonsworld.co.uk. BThe data was exposed for 5 days or so but we have kept access logs and fortunately it looks like Computeractive was the only one that discovered it,B he added.

Schofield said despite the scare, the company would press on with its e-tail offer. BWeBre having a bit of a tough time at the moment but it hasnBt shaken our confidence in online trading. There are lots of hazards out there for retailers and this is just one of them.B

http://www.computerweekly.co.uk/cwarchive/daily/20001024/cwcontainer.asp?name=C4.HTML&SubSection=6&ct=daily

-- Martin Thompson (mthom1927@aol.com), October 24, 2000