Online merchant emails customer credit card details

Bone-headed security breach has booted merchants off its Dabsxchange auction site after the latter committed a serious security breach involving its customers' credit card details.

On 7 September distributed an email to their customers, who had purchased products from a virtual auction hosted by Dabs, with an Excel attachment containing credit card details of other customers.

A Register reader informed us that the offending email contained names, addresses, telephone numbers, credit card numbers and credit card expiry dates of customers.

The 127 people affected by breach, which was the result of human error, have been advised to contact their credit card companies to get cards cancelled.

Dave Atherton, managing director of, described the actions of as "sloppy" and although the breach had nothing to do with the security of its auction site it decided it appropriate to sever links with the firm. sells software and games in a similar manner to book clubs making its money from postage and packing charges on software that is sometimes listed as being "free". It is a marketing program run by retail Web site

In February, we reported that left customer details in plain view on an insecure Web server, now its security has been called into question again.

Carl Laidler, concept development direct at, said the security breach was a result of human error. A member of the firm's customer service team emailed a customer spreadsheet out without reference to any accepted procedures.

That person is the subject of disciplinary proceedings.

To restore confidence, has withdrawn its online sales activities for between seven and 14 days during which time it is bringing in an external consultant to conduct a security audit. ®

Related Stories

Online security gaffe exposes consumers' bank details
Credit card scam puts dotcom close to death

Sponsored: Magic Quadrant for identity governance and administration