E-CommerceALERT.com is part of the Bennett Gold LLP web site network.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Glitch let small biz customers see other customers' records

Source: MSNBC

Posted on January 5, 2001

      A glitch in AT&T's Web site has exposed billing and account information for thousands of small businesses, MSNBC.com has learned. The flaw allowed AT&T small business customers to view other customers' account information. After receiving a call from MSNBC.com inquiring about the problem, AT&T disabled part of its Web site Tuesday afternoon to protect customer data. The site was repaired by Wednesday.

      About 120,000 companies use AT&T's "Small Business Center" Web site to track their telecommunications bills, according to Paul La Plante, an AT&T spokesperson. Only existing customers who were logged into the AT&T system would have been able to exploit the flaw and see the exposed records. A mischievous account holder could have viewed about six months' worth of billing records for 120,000 companies, including individual phone call details, according to the company. On Tuesday, AT&T disabled some of the Web site's functionality to prevent users from illicitly viewing customer data.

      "We are not aware of any customers experiencing a problem related to this situation," the company said in a statement. "Safeguarding customer information from unauthorized access is a top priority for us." The company added that access to the data "was random in nature, so it was not possible, for example, for a business to learn information about a specific competitor." Company officials said the site was fixed and fully operational by Wednesday morning.

      Frustrated AT&T small business user Tommy Dougherty, who works for a small central Virginia firm, brought the flaw to MSNBC.com's attention. When checking his online bill statement recently, Dougherty discovered he could view other customers' records. He now plans to cancel his AT&T service. "We would consider this information to be pretty confidential. We are in a competitive business. We would terminate an employee if they disclosed this information," he said. Dougherty was particularly frustrated because he says AT&T essentially forced him and other small businesses to use that Web site recently by announcing it would no longer send out paper bills. "So everybody's bill is on there whether they register or not," he said. La Plante said customers can call the firm and request paper records. The company actually has about 5 million small business customers, but only those 120,000 who are part of the firm's "interactive advantage" offering are in the Small Business Center database that's connected to AT&T's Web site.

      Following Dougherty's two-step instructions, MSNBC.com was able to view dozens of billing records from small companies around the United States and Canada. For example, several months of records were accessible for the Better Business Bureau of Charlotte, N.C., and the Assembly of God church in Saint Charles, Mo. It also appeared that MSNBC.com would have been able to add or cancel telecommunications services for the companies, but AT&T disputes that.

      Dougherty was critical of the AT&T programming error that led to the flaw, suggesting the company is misleading users by telling them they are at a secure Web site. The Small Business Center does employ encryption to protect data from being stolen in transmission to AT&T. "[Users] think they are on a secure server. That's true, the data is getting encrypted between me and the company. But I'm looking at someone else's data," Dougherty said.


E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.
