E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: CNN.com

Posted on November 11, 2000

      Online retailer Buy.com Inc. and United Parcel Service of America Inc. claim that a glitch in a new product-returns system used by Buy.com's Web site exposed the names, addresses and telephone numbers of some of its customers to other Internet users in October.

      In a statement, Aliso Viejo, Calif.-based Buy.com said it and UPS "have implemented a technical solution concerning the online returns process" after learning that information about a "small number" of customers was briefly viewable on electronic shipping labels provided by UPS as part of a service announced last month.

      Buy.com is the first Internet-based retailer to use the online returns service, which provides online shoppers with on-screen labels that they can print out and attach to the packages they wish to return. A Buy.com spokeswoman said the company would have no further comment on the glitch with the servers that run the UPS service.

      But Steve Holmes, a spokesman for Atlanta-based UPS, said credit-card numbers and other personal financial data collected from Buy.com customers as part of online transactions weren't exposed to other users. "Basically, it was just what's contained in a phone book," Holmes said, although he added that UPS isn't trying to downplay the seriousness of the security hole in its servers.

      The problem occurred when a customer was returning some merchandise purchased from Buy.com, Holmes said. When a user fills out the return shipping label, the UPS system automatically generates a Web page containing the label. By changing one number in the URL of such a page, Holmes said, the customer who reported the problem was able to see the mailing information of other customers.

      "Buy.com provides us the customer information, [which] we then provide back to them in the form of a shipping label," Holmes said. "The problem is they gave us that information in sequential order." Because of that, he added, it was easy for an outsider to figure out that he could view someone else's information simply by changing a single number in the URL.

      However, Holmes noted that each label was saved as an image file and not as a data link, which he said made it impossible to create a software program that could automatically capture all the information.

      Andrew Shen, a policy analyst at the Electronic Privacy Information Center in Washington, said Buy.com's first responsibility is to notify its customers about the security hole. "I think we're realizing that there is no such thing as perfect security," he said. "But the [issue] is how companies respond when they discover [a glitch]."

      Shen added that some people have unlisted telephone numbers and don't want their information given out, especially via a medium such as the Internet.
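
The flaw Holmes describes above, a label page addressed by a sequential number with no check on who is asking, shown next to a corrected lookup. This is an added Python example, not code from UPS, Buy.com or the original article; the `LabelStore` class, its method names and the sample customers and addresses are constructed for illustration.

```python
import secrets


class LabelStore:
    """In-memory stand-in for a server that renders return labels (hypothetical)."""

    def __init__(self):
        self._by_seq = {}      # sequential id -> record (the flawed design)
        self._by_token = {}    # random token  -> record (the hardened design)
        self._next_seq = 1000  # constructed starting value

    def create(self, customer_id, address):
        record = {"owner": customer_id, "address": address}
        seq = self._next_seq
        self._next_seq += 1
        self._by_seq[seq] = record
        token = secrets.token_urlsafe(16)  # 128 random bits, unrelated to neighbours
        self._by_token[token] = record
        return seq, token

    def fetch_by_sequence(self, seq):
        """Flawed lookup: any caller who supplies a valid number gets the label."""
        record = self._by_seq.get(seq)
        return record["address"] if record else None

    def fetch_for_session(self, token, session_customer_id):
        """Hardened lookup: unguessable reference plus an ownership check."""
        record = self._by_token.get(token)
        if record is None or record["owner"] != session_customer_id:
            return None  # same answer for "no such label" and "not your label"
        return record["address"]


def demo():
    store = LabelStore()
    alice_seq, alice_token = store.create("alice", "1 Constructed St")
    bob_seq, bob_token = store.create("bob", "2 Sample Ave")
    return {
        # The number adjacent to Bob's own resolves to Alice's label.
        "flawed_neighbour": store.fetch_by_sequence(bob_seq - 1),
        # Even holding Alice's token, Bob's session is refused.
        "hardened_cross_user": store.fetch_for_session(alice_token, "bob"),
        "hardened_owner": store.fetch_for_session(bob_token, "bob"),
    }


if __name__ == "__main__":
    print(demo())
```

The ownership check is the control that closes the hole; the random token only removes the ability to guess neighbouring references and would not be sufficient by itself if a link were shared or leaked.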


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
