Petco settles with FTC over cyber security gaffe
Pet supply retailer Petco Animal Supplies Inc. will be on a short cybersecurity leash for the next 20 years to settle a Federal Trade Commission action over a security hole on it's e-commerce site that may have left as many as 500,000 customer credit card numbers exposed to hackers.
The settlement stems from an incident first reported by SecurityFocus in June of last year, when then 20-year-old independent programmer Jeremiah Jacks discovered that Petco.com suffered from an SQL injection vulnerability that left its database open to anyone able to construct a specially-crafted URL.
By Kevin Poulsen at SecurityFocus.
[ Read more ]