Gateway drops customers' pants in public

Web security gaffe


A security gaffe by Gateway 2000 has resulted in the exposure of sensitive customer information on the PC vendor's web site.

Up until late this afternoon, searching for 'delivery cost' (hardly the strangest request) on Gateway's UK site returned two copies of an Excel spreadsheet containing order details, customer contacts and phone numbers.

The spreadsheet didn't contain credit card details but had enough information, including the phone numbers of customers' banks, for con men to pose as Gateway reps or attempt any number of frauds. (We're not devious enough to devise any specific ones just now.)

The Excel file contained the details of 449 Gateway customers, almost all of whom seemed to be from the Netherlands.

We contacted Gateway, and after spending five minutes listening to a recorded message (ironically) "reminding" us of the services that we could obtain from Gateway's Web site, we were eventually put through to a rep.

He assured us the problem, which was said to be down to a mistake made by Gateway's "development people", would be quickly resolved.

By late this afternoon a representative of the firm was able to confirm that the spreadsheet was no longer accessible. It appears Gateway's techies have disabled the search function on the site while they're fixing the problem, but without speaking to someone technically competent we can't be certain of this.

We're still waiting for comment on how this privacy cock-up could have happened in the first place.

Meanwhile, over at Dell's shipping partner Walsh Western International, things are hardly much better on the web security front. The firm claims to use the latest database and communications technology, but its customer details are vulnerable to form data substitution attacks due to sloppy application development.

We spoke to security experts at MIS Corporate Defence and Information Risk Management and both expressed reservations about the security of the site. They both said that Walsh Western should be storing customer information on a secure database.

Good advice that we hope they'll heed. ®
