Online security gaffe exposes consumers' bank details

Drops customers' pants in public

An online retailer running a special promotion offer via the sites of prominent web retailers left customer details in plain view on an insecure Web server.

The problem came to light when a Register reader entered his details for a mobile phone promotion, which was administered by onehighsteet.com and carried on the sites of better-known firms such as House of Chocolates and Software Introducer's.

After running into difficulties with the form, our reader backtracked and was shocked to discover customer data, including names, telephone numbers and bank details, on a web page which was not secured by any password or cryptographic protection.

After verifying the problem, we called onehighsteet.com, whose administrator said that permission to access the page containing the customer details was left open because the page should not be accessible during normal customer operation. After our call, permission to access the page was blocked, bringing onehighsteet.com in line with a published security policy its lax security had caused it to violate.

This privacy policy, available at onehighstreet.com, states: "When you place orders, our secure server software (SSL) encrypts all information you input before it is sent to us. Furthermore, as required by the UK Data Protection Act 1984, we follow strict security procedures in the storage and disclosure of information which you have given us, to prevent unauthorised access." ®
