Durex leak reveals customer details, in a week where data loss has risen to incredible levels

[security curmudgeon <jericho () attrition org>]

http://www.scmagazineuk.com/durex-leak-reveals-customer-details-in-a-week-where-data-loss-has-risen-to-incredible-levels/article/166993/

Durex leak reveals customer details, in a week where data loss has risen 
to incredible levels
Dan Raywood
March 31, 2010

A website selling Durex condoms in India suffered a data breach that 
revealed customers' names and orders.

Databreaches.net reported that on 5th March, a customer reportedly 
discovered that anyone could view his and other customers' orders on the 
kohinoorpassion.com website by simply inserting a different order ID 
number in the URL without any login required.

Available information included names, addresses, phone numbers and the 
type of products ordered, and it claimed that from what a customer could 
determine, the earliest order exposed online dated back to 23rd February 
2009, but there is no confirmation as to for how long the customer records 
might have been accessible without a login. According to the customer's 
website about the breach, no credit card or financial data were exposed.

The customer said that he contacted TTK-LIG, the marketer of the Durex 
brand in India and manufacturer of Kohinoor condoms, and SSL International 
the owner of the Durex brand worldwide about the problem and that by the 
next day, the site appeared to be better secured.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php