funsec mailing list archives

Sears did it again


From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 8 Jan 2008 01:23:59 +0200 (EET)

The spyware report last week
http://linuxbox.org/pipermail/funsec/2008-January/015793.html

and more bad news again:

From Ben Edelman's Web site:

"Sears Exposes Customer Purchase History in Violation of Its Privacy Policy

Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. Here's the procedure:

1) Go to the Sears "Manage My Home" site, www.managemyhome.com . Create an account and sign in. [Screenshot.]
2) On the Home menu, choose Home Profile. In the Search Purchase History section, choose Find Your Products. [Screenshot.]
3) Enter the name, phone number, and street address of the customer whose purchases you wish to view. Press Find Products. [Screenshot.]

Sears then displays all purchases its database associates with the specific customer -- typically major appliances and other large purchases."
---clip--

More at
http://www.benedelman.org/news/010408-1.html

Later on Friday the post was updated
'Update (January 4, 5pm): Sears has disabled the search feature described above.'

The Register's coverage:

Sears sued for website that leaked customer purchases (Mon 7th Jan)

http://www.theregister.co.uk/2008/01/07/sears_privacy_classaction/

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

