Just a few days ago I wrote about how I got the impression that online businesses seem to be getting sloppier in dealing with your/my personal data. And then I read this in De Morgen (Belgian newspaper): “Free shopping in badly secured online shop”.
What is it about? Apparently some people found out how they could shop for free at Quelle, the German online shop. Every client who forgot his password could log in using name, address and date of birth. If you entered the name of a Quelle shop owner there instead of your own, you got instant access to the internal system of Quelle. Amazing, isn’t it? In there you could look up client data as well as orders, and change them too. By changing the delivery address on an order, these guys got the items sent to them, whereas the bill would still go to the original buyer.
Quelle has now fixed the problem, meaning that the connection between the website and the internal system was disconnected, and clients who were affected by this won’t be billed for the stuff that was not delivered to them. Done deal? Don’t think so. This just prevents it from happening again, but doesn’t look into the possible effects of personal data being ‘in the open’. I don’t know what personal data they did get access to, but it’s probably something like: address, payment details, orders, order history, … imagine what they can/could do with all that. I think Quelle has got a lot of work ahead in fixing this.
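To make the design flaw in the forgotten-password flow concrete, here is an added sketch (not Quelle's code, and not from the newspaper article) that puts the flawed pattern next to a hardened one. The account records, role names, and function names are all assumptions constructed for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass
class Account:
    name: str
    address: str
    dob: str
    role: str    # assumed roles: "customer" or "shop_owner"
    email: str

# Constructed sample records (hypothetical people and addresses).
ACCOUNTS = [
    Account("Anna Beispiel", "Hauptstr. 1, Musterstadt", "1970-01-01",
            "customer", "anna@example.test"),
    Account("Otto Muster", "Marktplatz 5, Musterstadt", "1965-05-05",
            "shop_owner", "otto@example.test"),
]

def find(name, address, dob):
    for a in ACCOUNTS:
        if (a.name, a.address, a.dob) == (name, address, dob):
            return a
    return None

def recover_weak(name, address, dob):
    """Flawed pattern: knowing personal details is treated as a login,
    and the session inherits whatever role the matched account has."""
    acct = find(name, address, dob)
    return {"user": acct.name, "role": acct.role} if acct else None

PENDING = {}  # sha256(token) -> account name; expiry omitted for brevity
OUTBOX = []   # stand-in for mail delivery: (email, token)

def recover_hardened(name, address, dob):
    """Details only trigger a one-time token sent to the e-mail on file.
    No session is returned here, and staff accounts are excluded."""
    acct = find(name, address, dob)
    if acct and acct.role == "customer":
        token = secrets.token_urlsafe(32)
        PENDING[hashlib.sha256(token.encode()).hexdigest()] = acct.name
        OUTBOX.append((acct.email, token))
    return None  # same response whether or not anything matched

def redeem(token):
    """Single use: the token is removed as soon as it is presented."""
    name = PENDING.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    return {"user": name, "role": "customer"} if name else None
```

In the hardened variant, name, address and date of birth never produce a session on their own, and a privileged account cannot be reached through customer self-service at all.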