So this is why people don't shop online

By Roger on March 28, 2006 3:55 PM | | Comments (0) | TrackBacks (0)

Well, it could have been a lot worse. I had a bad feeling about an ecommerce site and made a purchase anyway. Today, I checked the order confirmation and found that the url for the order was in the format www.example.com/blahblahblah.asp?OrderId=12345

You guessed it. By changing the order ID number I was able to see pretty much every order they've ever taken. While it didn't have any credit card information, it did have the Name, Home address and mailing address for all the orders.

While you do have to have a account to access this information, you can sign up for an account without buying anything. Somehow I think the home addresses of peopel who like to buy electronics could be valuable information. Hey at least they didn't give out my credit card number and email address.

I'm going to hold off on naming names until they've had a chance to respond to my email of complaint.

Categories

General

0 TrackBacks

Listed below are links to blogs that reference this entry: So this is why people don't shop online.

TrackBack URL for this entry: http://www.infosecblog.org/mt-tb20071121.pl/137

Leave a comment

Powered by Ajax Comments

About this Entry

This page contains a single entry by Roger published on March 28, 2006 3:55 PM.

Is it Tax Time Already? was the previous entry in this blog.

Webroot Trumpets Spyware Bakeoff Results is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Subscribe to feed Subscribe to this blog's feed
Add to Google
Please contact me by leaving a comment where appropriate. Otherwise, you can click here to reveal an email address for me.
Got Backups? Get Safe Online Remember Rick Rescorla Powered by Movable Type 4.23-en

Search