funsec mailing list archives
[privacy] Sears Exposes Customer Purchase History in Violation of Its Privacy Policy
From: Juha-Matti Laurio <juha-matti.laurio () netti fi>
Date: Tue, 8 Jan 2008 01:31:18 +0200 (EET)
The spyware installation issue was reported to funsec last week http://linuxbox.org/pipermail/funsec/2008-January/015793.html and more bad news have been reported again:
From Ben Edelman's Web site:
"Want to know what a given customer has purchased from Sears? It's surprisingly easy to find out. Here's the procedure: 1) Go to the Sears "Manage My Home" site, www.managemyhome.com . Create an account and sign in. [Screenshot.] 2) On the Home menu, choose Home Profile. In the Search Purchase History section, choose Find Your Products. [Screenshot.] 3) Enter the name, phone number, and street address of the customer whose purchases you wish to view. Press Find Products. [Screenshot.] Sears then displays all purchases its database associates with the specific customer -- typically major appliances and other large purchases." ---clip-- More at http://www.benedelman.org/news/010408-1.html Later on Friday the post was updated 'Update (January 4, 5pm): Sears has disabled the search feature described above.' The Register's coverage: Sears sued for website that leaked customer purchases (Mon 7th Jan) http://www.theregister.co.uk/2008/01/07/sears_privacy_classaction/ Juha-Matti _______________________________________________ privacy mailing list privacy () whitestar linuxbox org http://www.whitestar.linuxbox.org/mailman/listinfo/privacy
Current thread:
- [privacy] Sears Exposes Customer Purchase History in Violation of Its Privacy Policy Juha-Matti Laurio (Jan 07)
- Re: [privacy] Sears Exposes Customer Purchase History in Violation of Its Privacy Policy Dude VanWinkle (Jan 07)