Tags:





Following a link to foxstore.com revealed another person's address, phone, and credit card information.
August 19, 2005 8:20 PM   RSS feed for this thread Subscribe

Following a link to foxstore.com revealed another person's address, phone, and credit card information.

This evening Ms. Chyme followed this link to the "Buy It" link here; when the page loaded not only was the Simpsons DVD in the shopping cart, but also two more Simpsons DVDs and Garfield: the Movie, along with all of someone's personal information, including name, address, phone number, and all credit card information. The CC number is x'd out but for the last four digits, but the security code and everything else is in there. Presumably we could have ordered thousands of dollars worth of stuff and shipped it to this guy or, you know, to us. We Googled him and found that the information is correct. So, my questions: Why did this happen? Does the Fox Store have this bad a handle on its customers' data? Should we call him and let him know about this, or will he accuse us of "hacking the Gibson"?

Here is a screenshot with the relevant data removed.
posted by Optimus Chyme to computers & internet (5 comments total)
Sounds like a bug in the webstore application. I'd contact him and the store in question (I'm unfamiliar with 'foxstore.com') and letting them about the problem. I'd CC Mr. Gibson in the email so that they know that the customer who had personal information compromised is aware of the situation.

Unfortunately, this kind of thing happens with some frequency. After all, the webstore is simply an application and is subject to bugs just like everything else.

Good luck,
Ed T.
posted by Lactoso at 8:46 PM on August 19, 2005


(P.S. hacking the Gibson; dumb joke, sorry.)
posted by Optimus Chyme at 9:02 PM on August 19, 2005


Heck, call Visa and let them know if you really want to stir things up. FWIW, the card association rules are very clear on the point that the card security code should not be stored in any way, shape, or form after the card has been authorized.
posted by trevyn at 9:20 PM on August 19, 2005


call the secret service U.S. Treasury division. They handle this stuff real well.
posted by Livewire Confusion at 6:00 AM on August 20, 2005


I had this happen years ago on CDNow, which was subsequently bought by Amazon. I contacted their support line -- after taking screenshots to prove that I wasn't making it up -- and let them know. It turned out to be a server error not releasing the session data from abandoned carts. Perhaps this is a similar situation.
posted by mkhall at 12:40 PM on August 20, 2005


« Older Political Science Grad School ...   |   Booty call etiquette: I'm fly... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
A coherent, succinct history of the failures of... September 14, 2008
Honest to blog, I need it. March 5, 2008
foxdog! December 2, 2007
How does Fox keep scoring new TV shows from geniuses? November 18, 2007
Who sponsors "The Factor"? May 16, 2007