Car shoppers' credit details exposed in bulk

Friday, 26 September 2003, 8:37 AM EST

At least 1,000 automobile shoppers who submitted online credit applications to any of 150 different automotive dealerships around the U.S. had their personal and financial details exposed on a publicly-accessible website, according to a computer security consultant who stumbled across the privacy gaffe.

The exposed site was an administrative page at the Tennessee-based hosting company Dealerskins, a firm that provides turnkey Web solutions to automotive dealerships. The page -- which was not password protected and included no warnings that it was private -- allowed visitors to view, in reverse-chronological order, all of the information that had been typed into Web forms on Dealerskins-hosted sites, like autocentersdirect.com and courtesyflm.com.

The URL for the unprotected page could be determined by visiting a Dealerskins-hosted website and viewing the HTML source code -- a simple matter in most browsers.

[ Read more ]




Spotlight

Hackers indicted for stealing Apache helicopter training software

Posted on 1 October 2014.  |  Members of a computer hacking ring have been charged with breaking into computer networks of prominent technology companies and the US Army and stealing more than $100 million in intellectual property and other proprietary data.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Oct 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //