Feeds

Want to publish your credit card details? That'll do nicely, sir

Gaping hole in etailer security

  • alert
  • submit to reddit

Internet Security Threat Report 2014

A Manchester-based computer e-tailer has failed to solve a problem on its Web site potentially jeopardising the security of hundreds of its customers. On Friday, The Register informed MicroLand Online that the financial details of transactions were openly available on its site. The personal details of some 150 people -- including names and credit card details such as numbers and expiry dates -- were clearly and openly available on the site, without any form of password protection or obvious security. Andrew Percy, MD of MicroLand Online admitted that the information should have been protected by a password and insisted that he would implement a "short-term fix" to remedy the situation. According to Percy, the site was rebuilt more than a week ago and that this was probably the root of the security lapse. He said the construction and maintenance of the site was outsourced to a separate company. However, The Register delayed publishing the story on Friday when it became clear the "fix" was not as thorough as suggested and that the personal details of customers were still being published on the site. Today, transaction details can still be found although all sensitive information has now been removed. However, the information still has not been password protected. Kevin Black, of Internet Security Systems was dismayed at the lax security. "This kind of thing doesn't help anyone in e-commerce, and does nothing to boost consumer confidence," he said. The Register learnt of the problem after being informed by a concerned reader. ®

Security for virtualized datacentres

More from The Register

next story
Facebook pays INFINITELY MORE UK corp tax than in 2012
Thanks for the £3k, Zuck. Doh! you're IN CREDIT. Guess not
Google Glassholes are UNDATEABLE – HP exec
You need an emotional connection, says touchy-feely MD... We can do that
Lawyers mobilise angry mob against Apple over alleged 2011 Macbook Pro crapness
We suffered 'random bouts of graphical distortion' - fanbois
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
US court SHUTS DOWN 'scammers posing as Microsoft, Facebook support staff'
Netizens allegedly duped into paying for bogus tech advice
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Verizon bankrolls tech news site, bans tech's biggest stories
No agenda here. Just don't ever mention Net neutrality or spying, ok?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.