Feeds

Online merchant emails customer credit card details

Bone-headed security breach

  • alert
  • submit to reddit

Reducing security risks from open source software

Dabs.com has booted merchants BuyB4Sold.com off its Dabsxchange auction site after the latter committed a serious security breach involving its customers' credit card details.

On 7 September BuyB4Sold.com distributed an email to their customers, who had purchased products from a virtual auction hosted by Dabs, with an Excel attachment containing credit card details of other customers.

A Register reader informed us that the offending email contained names, addresses, telephone numbers, credit card numbers and credit card expiry dates of customers.

The 127 people affected by breach, which was the result of human error, have been advised to contact their credit card companies to get cards cancelled.

Dave Atherton, managing director of Dabs.com, described the actions of BuyB4Sold.com as "sloppy" and although the breach had nothing to do with the security of its auction site it decided it appropriate to sever links with the firm.

BuyB4Sold.com sells software and games in a similar manner to book clubs making its money from postage and packing charges on software that is sometimes listed as being "free". It is a marketing program run by retail Web site Onehighstreet.com.

In February, we reported that Onehighstreet.com left customer details in plain view on an insecure Web server, now its security has been called into question again.

Carl Laidler, concept development direct at Onehighstreet.com, said the security breach was a result of human error. A member of the firm's customer service team emailed a customer spreadsheet out without reference to any accepted procedures.

That person is the subject of disciplinary proceedings.

To restore confidence, Onehighstreet.com has withdrawn its online sales activities for between seven and 14 days during which time it is bringing in an external consultant to conduct a security audit. ®

Related Stories

Online security gaffe exposes consumers' bank details
Credit card scam puts dotcom close to death

Eight steps to building an HP BladeSystem

More from The Register

next story
BBC goes offline in MASSIVE COCKUP: Stephen Fry partly muzzled
Auntie tight-lipped as major outage rolls on
iPad? More like iFAD: We reveal why Apple fell into IBM's arms
But never fear fanbois, you're still lapping up iPhones, Macs
Amazon Reveals One Weird Trick: A Loss On Almost $20bn In Sales
Investors really hate it: Share price plunge as growth SLOWS in key AWS division
Bose says today is F*** With Dre Day: Beats sued in patent battle
Music gear giant seeks some of that sweet, sweet Apple pie
There's NOTHING on TV in Europe – American video DOMINATES
Even France's mega subsidies don't stop US content onslaught
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Too many IT conferences to cover? MICROSOFT to the RESCUE!
Yet more word of cuts emerges from Redmond
Chips are down at Broadcom: Thousands of workers laid off
Cellphone baseband device biz shuttered
Twitch rich as Google flicks $1bn hitch switch, claims snitch
Gameplay streaming biz and search king refuse to deny fresh gobble rumors
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.